diff options
Diffstat (limited to 'src/noscryptutil.c')
| -rw-r--r-- | src/noscryptutil.c | 57 |
1 files changed, 43 insertions, 14 deletions
diff --git a/src/noscryptutil.c b/src/noscryptutil.c index 4cee2c3..89e0f35 100644 --- a/src/noscryptutil.c +++ b/src/noscryptutil.c @@ -37,6 +37,7 @@ #define MIN_PADDING_SIZE 0x20u #define NIP44_VERSION_SIZE 0x01u #define NIP44_PT_LEN_SIZE sizeof(uint16_t) +#define NIP44_NONCE_SIZE NC_NIP44_IV_SIZE /* * minimum size for a valid nip44 payload @@ -200,7 +201,7 @@ static _nc_fn_inline uint32_t _calcNip44TotalOutSize(uint32_t inputSize) bufferSize = NIP44_VERSION_SIZE; - bufferSize += NC_ENCRYPTION_NONCE_SIZE; + bufferSize += NIP44_NONCE_SIZE; bufferSize += NIP44_PT_LEN_SIZE; @@ -267,7 +268,7 @@ static _nc_fn_inline int _nip44ParseSegments( *nonce = ncSpanSliceC( payload, NIP44_VERSION_SIZE, - NC_ENCRYPTION_NONCE_SIZE + NIP44_NONCE_SIZE ); /* @@ -293,8 +294,8 @@ static _nc_fn_inline int _nip44ParseSegments( */ *cipherText = ncSpanSliceC( payload, - NIP44_VERSION_SIZE + NC_ENCRYPTION_NONCE_SIZE, - payload.size - (NIP44_VERSION_SIZE + NC_ENCRYPTION_NONCE_SIZE + NC_ENCRYPTION_MAC_SIZE) + NIP44_VERSION_SIZE + NIP44_NONCE_SIZE, + payload.size - (NIP44_VERSION_SIZE + NIP44_NONCE_SIZE + NC_ENCRYPTION_MAC_SIZE) ); return 1; @@ -357,12 +358,23 @@ static NCResult _nip44EncryptCompleteCore( ZERO_FILL(hmacKeyOut, sizeof(hmacKeyOut)); + /* Get the nonce/iv size so we know how much nonce data to write */ + result = NCUtilCipherGetIvSize(state); + DEBUG_ASSERT(result > 0); + /* Start by appending the version number */ ncSpanAppend(message, &outPos, Nip44VersionValue, sizeof(Nip44VersionValue)); /* next is nonce data */ - ncSpanAppend(message, &outPos, encArgs.nonceData, NC_ENCRYPTION_NONCE_SIZE); - DEBUG_ASSERT(outPos == 1 + NC_ENCRYPTION_NONCE_SIZE); + ncSpanAppend(message, &outPos, encArgs.nonceData, (uint32_t)result); + + /* + * Assert the output points to the end of the nonce segment + * for nip44 this is exactly 33 bytes. This assert also doubles + * to check the output of NCUtilCipherGetIvSize() to ensure + * it's returning the correct size for nip44 + */ + DEBUG_ASSERT(outPos == 1 + NIP44_NONCE_SIZE); /* * Assign the hmac key from the stack buffer. Since the args structure @@ -372,7 +384,7 @@ static NCResult _nip44EncryptCompleteCore( * addresses. */ - result = NCSetEncryptionPropertyEx( + result = NCEncryptionSetPropertyEx( &encArgs, NC_ENC_SET_NIP44_MAC_KEY, hmacKeyOut, @@ -397,7 +409,7 @@ static NCResult _nip44EncryptCompleteCore( * plainText size field. */ - result = NCSetEncryptionData( + result = NCEncryptionSetData( &encArgs, ncSpanGetOffset(message, outPos), /* in place encryption */ ncSpanGetOffset(message, outPos), @@ -517,7 +529,7 @@ static NCResult _nip44DecryptCompleteCore( if ((state->_flags & NC_UTIL_CIPHER_MAC_NO_VERIFY) == 0) { DEBUG_ASSERT(ncSpanGetSizeC(macValue) == NC_ENCRYPTION_MAC_SIZE); - DEBUG_ASSERT(ncSpanGetSizeC(macData) > NC_ENCRYPTION_NONCE_SIZE + MIN_PADDING_SIZE); + DEBUG_ASSERT(ncSpanGetSizeC(macData) > NIP44_NONCE_SIZE + MIN_PADDING_SIZE); /* Assign the mac data to the mac verify args */ macArgs.mac32 = ncSpanGetOffsetC(macValue, 0); @@ -550,7 +562,7 @@ static NCResult _nip44DecryptCompleteCore( DEBUG_ASSERT2(cipherText.size >= MIN_PADDING_SIZE, "Cipertext segment was parsed incorrectly. Too small"); - result = NCSetEncryptionData( + result = NCEncryptionSetData( &encArgs, ncSpanGetOffsetC(cipherText, 0), ncSpanGetOffset(output, 0), /*decrypt ciphertext and write directly to the output buffer */ @@ -653,6 +665,10 @@ NC_EXPORT NCUtilCipherContext* NC_CC NCUtilCipherAlloc(uint32_t encVersion, uint if (encCtx != NULL) { + /* + * Technically I should be using the NCEncSetProperty but this + * is an acceptable shortcut for now, may break in future + */ encCtx->encArgs.version = encVersion; encCtx->_flags = flags; } @@ -694,7 +710,7 @@ NC_EXPORT NCResult NC_CC NCUtilCipherInit( CHECK_NULL_ARG(encCtx, 0); CHECK_NULL_ARG(inputData, 1); - if ((encCtx->_flags & NC_UTIL_CIPHER_MODE_DECRYPT) > 0) + if ((encCtx->_flags & NC_UTIL_CIPHER_MODE) == NC_UTIL_CIPHER_MODE_DECRYPT) { /* * Validate the input data for proper format for @@ -842,7 +858,7 @@ NC_EXPORT NCResult NC_CC NCUtilCipherReadOutput( return (NCResult)encCtx->buffer.actualOutput.size; } -NC_EXPORT NCResult NCUtilCipherSetProperty( +NC_EXPORT NCResult NC_CC NCUtilCipherSetProperty( NCUtilCipherContext* ctx, uint32_t property, uint8_t* value, @@ -852,7 +868,7 @@ NC_EXPORT NCResult NCUtilCipherSetProperty( CHECK_NULL_ARG(ctx, 0) /* All other arguments are verified */ - return NCSetEncryptionPropertyEx( + return NCEncryptionSetPropertyEx( &ctx->encArgs, property, value, @@ -889,7 +905,7 @@ NC_EXPORT NCResult NC_CC NCUtilCipherUpdate( { case NC_ENC_VERSION_NIP44: - if ((encCtx->_flags & NC_UTIL_CIPHER_MODE_DECRYPT) > 0) + if ((encCtx->_flags & NC_UTIL_CIPHER_MODE) == NC_UTIL_CIPHER_MODE_DECRYPT) { return _nip44DecryptCompleteCore(libContext, sk, pk, encCtx); } @@ -908,3 +924,16 @@ NC_EXPORT NCResult NC_CC NCUtilCipherUpdate( return E_VERSION_NOT_SUPPORTED; } } + +NC_EXPORT NCResult NC_CC NCUtilCipherGetIvSize(const NCUtilCipherContext* encCtx) +{ + uint32_t ivSize; + + CHECK_NULL_ARG(encCtx, 0); + + ivSize = NCEncryptionGetIvSize(encCtx->encArgs.version); + + return ivSize == 0 + ? E_VERSION_NOT_SUPPORTED + : (NCResult)ivSize; +} |