From 6ff8bb11774c51fd341b7699a3938fd894995fbf Mon Sep 17 00:00:00 2001 From: vnugent Date: Thu, 25 Apr 2024 17:45:42 -0400 Subject: refactor: Finish support and testing for mbedtls --- include/hkdf.h | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++ include/nc-crypto.h | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++ include/nc-util.h | 16 +++++++++----- include/noscrypt.h | 16 ++++++++++---- include/platform.h | 12 ++++++++--- 5 files changed, 152 insertions(+), 12 deletions(-) create mode 100644 include/hkdf.h create mode 100644 include/nc-crypto.h (limited to 'include') diff --git a/include/hkdf.h b/include/hkdf.h new file mode 100644 index 0000000..460e203 --- /dev/null +++ b/include/hkdf.h @@ -0,0 +1,61 @@ +/* +* Copyright (c) 2024 Vaughn Nugent +* +* Package: noscrypt +* File: hkdf.h +* +* This library is free software; you can redistribute it and/or +* modify it under the terms of the GNU Lesser General Public License +* as published by the Free Software Foundation; either version 2.1 +* of the License, or (at your option) any later version. +* +* This library is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +* Lesser General Public License for more details. +* +* You should have received a copy of the GNU Lesser General Public License +* along with noscrypt. If not, see http://www.gnu.org/licenses/. +*/ + +#pragma once + +#ifndef _NC_HKDF_H +#define _NC_HKDF_H + +#include "nc-util.h" +#include "nc-crypto.h" + +/* +* IMPORTANT: +* The HKDF_IN_BUF_SIZE defintion sets the internal stack buffer size to use +* during fallback HKDF_Expand operations. +* +* 128 bytes should be more than enough for most use cases, without going +* overboard. Could be dialed in better for specific use cases later. +*/ + +#ifndef HKDF_IN_BUF_SIZE + #define HKDF_IN_BUF_SIZE 0x80 +#endif + + +/* typedefs for hdkf callback functions */ + +typedef cstatus_t (*hmac_hash_func)(void* ctx, const cspan_t* data); +typedef cstatus_t (*hmac_finish_fn)(void* ctx, sha256_t hmacOut32); + +struct nc_hkdf_fn_cb_struct +{ + hmac_hash_func update; + hmac_finish_fn finish; +}; + +cstatus_t hkdfExpandProcess( + const struct nc_hkdf_fn_cb_struct* handler, + void* ctx, + const cspan_t* info, + span_t* okm +); + +#endif /* !_NC_HKDF_H */ diff --git a/include/nc-crypto.h b/include/nc-crypto.h new file mode 100644 index 0000000..f04ebe0 --- /dev/null +++ b/include/nc-crypto.h @@ -0,0 +1,59 @@ + +/* +* Copyright (c) 2024 Vaughn Nugent +* +* Package: noscrypt +* File: nc-crypto.h +* +* This library is free software; you can redistribute it and/or +* modify it under the terms of the GNU Lesser General Public License +* as published by the Free Software Foundation; either version 2.1 +* of the License, or (at your option) any later version. +* +* This library is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +* Lesser General Public License for more details. +* +* You should have received a copy of the GNU Lesser General Public License +* along with noscrypt. If not, see http://www.gnu.org/licenses/. +*/ + +#pragma once + +#ifndef _NC_CRYPTO_H +#define _NC_CRYPTO_H + +#include + +#define CHACHA_NONCE_SIZE 0x0cu /* Size of 12 is set by the cipher spec */ +#define CHACHA_KEY_SIZE 0x20u /* Size of 32 is set by the cipher spec */ +#define SHA256_DIGEST_SIZE 0x20u /* Size of 32 is set by the cipher spec */ + +typedef uint8_t cstatus_t; +#define CSTATUS_OK ((cstatus_t)0x01u) +#define CSTATUS_FAIL ((cstatus_t)0x00u) + +typedef uint8_t sha256_t[SHA256_DIGEST_SIZE]; + +uint32_t ncCryptoFixedTimeComp(const uint8_t* a, const uint8_t* b, uint32_t size); + +void ncCryptoSecureZero(void* ptr, uint32_t size); + +cstatus_t ncCryptoDigestSha256(const cspan_t* data, sha256_t digestOut32); + +cstatus_t ncCryptoHmacSha256(const cspan_t* key, const cspan_t* data, sha256_t hmacOut32); + +cstatus_t ncCryptoSha256HkdfExpand(const cspan_t* prk, const cspan_t* info, span_t* okm); + +cstatus_t ncCryptoSha256HkdfExtract(const cspan_t* salt, const cspan_t* ikm, sha256_t prk); + +cstatus_t ncCryptoChacha20( + const uint8_t key[CHACHA_KEY_SIZE], + const uint8_t nonce[CHACHA_NONCE_SIZE], + const uint8_t* input, + uint8_t* output, + uint32_t dataSize +); + +#endif /* !_NC_CRYPTO_H */ diff --git a/include/nc-util.h b/include/nc-util.h index 23399e8..6a0e149 100644 --- a/include/nc-util.h +++ b/include/nc-util.h @@ -21,8 +21,8 @@ #pragma once -#ifndef NC_UTIL_H -#define NC_UTIL_H +#ifndef _NC_UTIL_H +#define _NC_UTIL_H #include "platform.h" @@ -62,6 +62,12 @@ #include +#if SIZE_MAX < UINT32_MAX + #define _sizet_check(x) if(x > SIZE_MAX) return CSTATUS_FAIL; +#else + #define _sizet_check(x) +#endif + typedef struct memory_span_struct { uint8_t* data; @@ -74,16 +80,16 @@ typedef struct read_only_memory_span_struct uint32_t size; } cspan_t; -_nc_fn_inline void ncSpanInitC(cspan_t* span, const uint8_t* data, uint32_t size) +static _nc_fn_inline void ncSpanInitC(cspan_t* span, const uint8_t* data, uint32_t size) { span->data = data; span->size = size; } -_nc_fn_inline void ncSpanInit(span_t* span, uint8_t* data, uint32_t size) +static _nc_fn_inline void ncSpanInit(span_t* span, uint8_t* data, uint32_t size) { span->data = data; span->size = size; } -#endif /* NC_UTIL_H */ \ No newline at end of file +#endif /* !_NC_UTIL_H */ \ No newline at end of file diff --git a/include/noscrypt.h b/include/noscrypt.h index 68ae8f7..4d03b8d 100644 --- a/include/noscrypt.h +++ b/include/noscrypt.h @@ -81,6 +81,9 @@ #define NIP44_MIN_ENC_MESSAGE_SIZE 0x01 #define NIP44_MAX_ENC_MESSAGE_SIZE 0xffff +#define NC_ENC_VERSION_NIP04 0x04 +#define NC_ENC_VERSION_NIP44 0x2c + /* * ERROR CODES * @@ -101,6 +104,8 @@ #define E_INVALID_CONTEXT -3 #define E_ARGUMENT_OUT_OF_RANGE -4 #define E_OPERATION_FAILED -5 +#define E_VERSION_NOT_SUPPORTED -6 + /* A compressed resul/return value, negative values are failure, 0 is success and positive values are @@ -160,6 +165,9 @@ typedef struct nc_encryption_struct { */ uint32_t dataSize; + /* The version of the encryption standard to use */ + uint32_t version; + } NCEncryptionArgs; /* @@ -311,7 +319,7 @@ given secret key and writes the signature to the sig64 buffer. * @param random32 A pointer to the random32 buffer to use for signing * @param data A pointer to the raw data buffer to sign * @param dataSize The size of the raw data buffer -* @param sig64 A pointer to the 64byte buffer to write the signature to +* @param sig64 A pointer to the 64-byte buffer to write the signature to * @return NC_SUCCESS if the operation was successful, otherwise an error code */ NC_EXPORT NCResult NC_CC NCSignData( @@ -350,7 +358,7 @@ NC_EXPORT NCResult NC_CC NCVerifyData( * @param sk A pointer to the secret key to sign with * @param random32 A pointer to the random32 buffer to use for signing * @param digest32 A pointer to sha256 digest32 to sign -* @param sig64 A pointer to the 64byte buffer to write the signature to +* @param sig64 A pointer to the 64-byte buffer to write the signature to * @return NC_SUCCESS if the operation was successful, otherwise an error code */ NC_EXPORT NCResult NC_CC NCSignDigest( @@ -365,8 +373,8 @@ NC_EXPORT NCResult NC_CC NCSignDigest( * Verifies a signature of a digest32 matches the output using the given public key. Equivalent to calling secp256k1_schnorrsig_verify. * @param ctx A pointer to the existing library context -* @param sig64 The 64byte signature to verify -* @param digest32 The digest32 to verify +* @param sig64 A pointer to the 64-byte signature to verify +* @param digest32 A pointer to a 32-byte message digest to verify * @param pk A pointer to the the x-only compressed public key (x-only serialized public key) * @return NC_SUCCESS if the signature could be verified, otherwise an error code */ diff --git a/include/platform.h b/include/platform.h index 8abaadd..ee21cf0 100644 --- a/include/platform.h +++ b/include/platform.h @@ -18,11 +18,15 @@ * along with noscrypt. If not, see http://www.gnu.org/licenses/. */ - /* -* Contains platform specific defintions +* Contains platform specific defintions */ +#pragma once + +#ifndef _NC_PLATFORM_H +#define _NC_PLATFORM_H + #if defined(_MSC_VER) || defined(WIN32) || defined(_WIN32) #define _NC_IS_WINDOWS #elif defined(__linux__) || defined(__unix__) || defined(__posix__) @@ -45,4 +49,6 @@ #else #define _nc_fn_inline #pragma message("Warning: No inline keyword defined for this compiler") -#endif \ No newline at end of file +#endif + +#endif /* !_NC_PLATFORM_H */ \ No newline at end of file -- cgit