From 7cb7a93de4f6f5e741bc5129e3d928e44f050930 Mon Sep 17 00:00:00 2001 From: vnugent Date: Tue, 23 Apr 2024 18:19:31 -0400 Subject: refactor!: MbedTLS on Windows, switch to uint32 --- src/internal/impl/bcrypt.c | 297 ----------------------------------------- src/internal/impl/mbedtls.c | 158 ---------------------- src/internal/impl/monocypher.c | 84 ------------ src/internal/impl/openssl.c | 47 ------- src/internal/nc-crypto.c | 269 ------------------------------------- src/internal/nc-crypto.h | 73 ---------- src/internal/nc-util.h | 88 ------------ 7 files changed, 1016 deletions(-) delete mode 100644 src/internal/impl/bcrypt.c delete mode 100644 src/internal/impl/mbedtls.c delete mode 100644 src/internal/impl/monocypher.c delete mode 100644 src/internal/impl/openssl.c delete mode 100644 src/internal/nc-crypto.c delete mode 100644 src/internal/nc-crypto.h delete mode 100644 src/internal/nc-util.h (limited to 'src/internal') diff --git a/src/internal/impl/bcrypt.c b/src/internal/impl/bcrypt.c deleted file mode 100644 index 8ae6c5a..0000000 --- a/src/internal/impl/bcrypt.c +++ /dev/null @@ -1,297 +0,0 @@ -/* -* Copyright (c) 2024 Vaughn Nugent -* -* Package: noscrypt -* File: impl/bcrypt.c -* -* This library is free software; you can redistribute it and/or -* modify it under the terms of the GNU Lesser General Public License -* as published by the Free Software Foundation; either version 2.1 -* of the License, or (at your option) any later version. -* -* This library is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -* Lesser General Public License for more details. -* -* You should have received a copy of the GNU Lesser General Public License -* along with noscrypt. If not, see http://www.gnu.org/licenses/. -*/ - - -/* -* This file provides as many fallback implementations on Windows plaforms -* as possible using the bcrypt library. This file should be included behind -* other libarry implementations, as it is a fallback. -*/ - -#ifdef _NC_IS_WINDOWS - -#define WIN32_LEAN_AND_MEAN -#include -#include - -#include "../../platform.h" -#include "../nc-util.h" - -#define IF_BC_FAIL(x) if(!BCRYPT_SUCCESS(x)) - -struct _bcrypt_ctx -{ - BCRYPT_ALG_HANDLE hAlg; - BCRYPT_HASH_HANDLE hHash; -}; - -_IMPLSTB NTSTATUS _bcInitSha256(struct _bcrypt_ctx* ctx, DWORD flags) -{ - NTSTATUS result; - - result = BCryptOpenAlgorithmProvider( - &ctx->hAlg, - BCRYPT_SHA256_ALGORITHM, - NULL, - flags - ); - - /* - * If operation failed, ensure the algorithm handle is null - * to make free code easier to cleanup - */ - if (!BCRYPT_SUCCESS(result)) - { - ctx->hAlg = NULL; - } - - return result; -} - -_IMPLSTB NTSTATUS _bcCreateHmac(struct _bcrypt_ctx* ctx, const cspan_t* key) -{ - /* - * NOTE: - * I am not explicitly managing the hash object buffer. By setting - * the hash object to NULL, and length to 0, the buffer will be - * managed by the bcrypt library. - * - * See: https://learn.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptcreatehash - */ - - return BCryptCreateHash( - ctx->hAlg, - &ctx->hHash, - NULL, - 0, - (uint8_t*)key->data, - key->size, - BCRYPT_HASH_REUSABLE_FLAG /* Enable reusable for expand function */ - ); -} - -_IMPLSTB NTSTATUS _bcCreate(struct _bcrypt_ctx* ctx) -{ - cspan_t key; - - /* Zero out key span for 0 size and NULL data ptr */ - SecureZeroMemory(&key, sizeof(cspan_t)); - - return _bcCreateHmac(ctx, &key); -} - -_IMPLSTB NTSTATUS _bcHashDataRaw(const struct _bcrypt_ctx* ctx, const uint8_t* data, uint64_t len) -{ - return BCryptHashData(ctx->hHash, (uint8_t*)data, len, 0); -} - -_IMPLSTB NTSTATUS _bcHashData(const struct _bcrypt_ctx* ctx, const cspan_t* data) -{ - return _bcHashDataRaw(ctx, data->data, data->size); -} - -_IMPLSTB NTSTATUS _bcFinishHash(const struct _bcrypt_ctx* ctx, sha256_t digestOut32) -{ - return BCryptFinishHash(ctx->hHash, digestOut32, sizeof(sha256_t), 0); -} - -_IMPLSTB void _bcDestroyCtx(struct _bcrypt_ctx* ctx) -{ - /* Free the hash memory if it was allocated */ - if(ctx->hHash) BCryptDestroyHash(ctx->hHash); - - /* Close the algorithm provider */ - if (ctx->hAlg) BCryptCloseAlgorithmProvider(ctx->hAlg, 0); - - ctx->hAlg = NULL; - ctx->hHash = NULL; -} - -#ifndef _IMPL_SECURE_ZERO_MEMSET - /* - * On Windows, we can use SecureZeroMemory - * as platform zeroing function. - * - * NOTE: - * SecureZeroMemory2 uses volitle function argument - * pointers, which is a contested mehtod of compiler - * optimization prevention. GNU seems to oppose this method - * - * https://learn.microsoft.com/en-us/windows/win32/memory/winbase-securezeromemory2 - */ - #define _IMPL_SECURE_ZERO_MEMSET SecureZeroMemory -#endif /* !_IMPL_SECURE_ZERO_MEMSET */ - -/* -* Provide win32 fallback for sha256 digest if needed -*/ - -#ifndef _IMPL_CRYPTO_SHA256_DIGEST - - /* Export function fallack */ - #define _IMPL_CRYPTO_SHA256_DIGEST _bcrypt_sha256_digest - - _IMPLSTB cstatus_t _bcrypt_sha256_digest(const cspan_t* data, sha256_t digestOut32) - { - cstatus_t result; - struct _bcrypt_ctx ctx; - - result = CSTATUS_FAIL; /* Start in fail state */ - - IF_BC_FAIL(_bcInitSha256(&ctx, 0)) goto Exit; - - IF_BC_FAIL(_bcCreate(&ctx)) goto Exit; - - IF_BC_FAIL(_bcHashData(&ctx, data)) goto Exit; - - IF_BC_FAIL(_bcFinishHash(&ctx, digestOut32)) goto Exit; - - result = CSTATUS_OK; /* Hash operation completed, so set success */ - - Exit: - - _bcDestroyCtx(&ctx); - - return result; - } - -#endif /* !_IMPL_CRYPTO_SHA256_DIGEST */ - -#ifndef _IMPL_CRYPTO_SHA256_HMAC - - /* Export function */ - #define _IMPL_CRYPTO_SHA256_HMAC _bcrypt_hmac_sha256 - - _IMPLSTB cstatus_t _bcrypt_hmac_sha256(const cspan_t* key, const cspan_t* data, sha256_t hmacOut32) - { - cstatus_t result; - struct _bcrypt_ctx ctx; - - result = CSTATUS_FAIL; /* Start in fail state */ - - /* Init context with hmac flag set */ - IF_BC_FAIL(_bcInitSha256(&ctx, BCRYPT_ALG_HANDLE_HMAC_FLAG)) goto Exit; - - IF_BC_FAIL(_bcCreateHmac(&ctx, key)) goto Exit; - - IF_BC_FAIL(_bcHashData(&ctx, data)) goto Exit; - - IF_BC_FAIL(_bcFinishHash(&ctx, hmacOut32)) goto Exit; - - result = CSTATUS_OK; /* HMAC operation completed, so set success */ - - Exit: - - _bcDestroyCtx(&ctx); - - return result; - } - -#endif /* !_IMPL_CRYPTO_SHA256_HMAC */ - -/* -* Provide a fallback HKDF expand function using the -* HMAC function as a base. -*/ - -#ifndef _IMPL_CRYPTO_SHA256_HKDF_EXPAND - - #define _IMPL_CRYPTO_SHA256_HKDF_EXPAND _fallbackHkdfExpand - - /* Include string for memmove */ - #include - - static void ncWriteSpanS(span_t* span, uint64_t offset, const uint8_t* data, uint64_t size) - { - DEBUG_ASSERT2(span != NULL, "Expected span to be non-null") - DEBUG_ASSERT2(data != NULL, "Expected data to be non-null") - DEBUG_ASSERT2(offset + size <= span->size, "Expected offset + size to be less than span size") - - /* Copy data to span */ - memmove(span->data + offset, data, size); - } - - STATIC_ASSERT(HKDF_IN_BUF_SIZE > SHA256_DIGEST_SIZE, "HDK Buffer must be at least the size of the underlying hashing alg output") - - /* - * The following functions implements the HKDF expand function using an existing - * HMAC function. This is a fallback implementation for Windows platforms at the moment. - * - * This follows the guidence from RFC 5869: https://tools.ietf.org/html/rfc5869 - */ - - #define _BC_MIN(a, b) (a < b ? a : b) - - _IMPLSTB cstatus_t _fallbackHkdfExpand(const cspan_t* prk, const cspan_t* info, span_t* okm) - { - cstatus_t result; - struct _bcrypt_ctx ctx; - - uint8_t counter; - uint64_t tLen, okmOffset; - uint8_t t[HKDF_IN_BUF_SIZE]; - - _IMPL_SECURE_ZERO_MEMSET(t, sizeof(t)); - - tLen = 0; /* T(0) is an empty string(zero length) */ - okmOffset = 0; - result = CSTATUS_FAIL; /* Start in fail state */ - - /* Init context with hmac flag set, it will be reused */ - IF_BC_FAIL(_bcInitSha256(&ctx, BCRYPT_ALG_HANDLE_HMAC_FLAG)) goto Exit; - - /* Set hmac key to the prk, alg is set to reusable */ - IF_BC_FAIL(_bcCreateHmac(&ctx, prk)) goto Exit; - - /* Compute T(N) = HMAC(prk, T(n-1) | info | n) */ - for (counter = 1; okmOffset < okm->size; counter++) - { - IF_BC_FAIL(_bcHashDataRaw(&ctx, t, tLen)) goto Exit; - IF_BC_FAIL(_bcHashData(&ctx, info)) goto Exit; - IF_BC_FAIL(_bcHashDataRaw(&ctx, &counter, sizeof(counter))) goto Exit; - - /* Write current hash state to t buffer */ - IF_BC_FAIL(_bcFinishHash(&ctx, t)) goto Exit; - - /* Set the length of the current hash state */ - tLen = _BC_MIN(okm->size - okmOffset, SHA256_DIGEST_SIZE); - - DEBUG_ASSERT(tLen <= sizeof(t)); - DEBUG_ASSERT((tLen + okmOffset) < okm->size); - - /* write the T buffer back to okm */ - ncWriteSpanS(okm, okmOffset, t, tLen); - - /* shift base okm pointer by T */ - okmOffset += tLen; - } - - result = CSTATUS_OK; /* HMAC operation completed, so set success */ - - Exit: - - _bcDestroyCtx(&ctx); - - return result; - } - -#endif /* !_IMPL_CRYPTO_SHA256_HKDF_EXPAND */ - -#endif /* _NC_IS_WINDOWS */ \ No newline at end of file diff --git a/src/internal/impl/mbedtls.c b/src/internal/impl/mbedtls.c deleted file mode 100644 index 54caa44..0000000 --- a/src/internal/impl/mbedtls.c +++ /dev/null @@ -1,158 +0,0 @@ -/* -* Copyright (c) 2024 Vaughn Nugent -* -* Package: noscrypt -* File: mbedtls.c -* -* This library is free software; you can redistribute it and/or -* modify it under the terms of the GNU Lesser General Public License -* as published by the Free Software Foundation; either version 2.1 -* of the License, or (at your option) any later version. -* -* This library is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -* Lesser General Public License for more details. -* -* You should have received a copy of the GNU Lesser General Public License -* along with noscrypt. If not, see http://www.gnu.org/licenses/. -*/ - - -/* -* This file contains implemntation functions for the required -* cryptography primitives of noscrypt. This file stubs functionality -* using the Mbed-TLS library, if the builder desires to link against -* it. -*/ - -#ifdef MBEDTLS_CRYPTO_LIB - -#include -#include -#include -#include -#include -#include - -#include "../../platform.h" -#include "../nc-util.h" - -/* -* EXPORT SUPPORTED FUNCTION OVERRIDES -*/ - -_IMPLSTB const mbedtls_md_info_t* _mbed_sha256_alg(void) -{ - const mbedtls_md_info_t* info; - /* Get sha256 md info for hdkf operations */ - info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); - DEBUG_ASSERT2(info != NULL, "Expected SHA256 md info pointer to be valid") - return info; -} - -#ifndef _IMPL_CHACHA20_CRYPT - - /* Export chacha20 computation */ - #define _IMPL_CHACHA20_CRYPT _mbed_chacha20_encrypt - - _IMPLSTB int _mbed_chacha20_encrypt( - const uint8_t* key, - const uint8_t* nonce, - const uint8_t* input, - uint8_t* output, - size_t dataLen - ) - { - /* Counter always starts at 0 */ - return mbedtls_chacha20_crypt(key, nonce, 0x00u, dataLen, input, output); - } - -#endif - -/* Export sha256 if not already defined */ -#ifndef _IMPL_CRYPTO_SHA256_DIGEST - - #define _IMPL_CRYPTO_SHA256_DIGEST _mbed_sha256_digest - - _IMPLSTB CStatus _mbed_sha256_digest(const uint8_t* data, size_t dataSize,uint8_t* digestOut32) - { - return mbedtls_sha256(data, dataSize, digestOut32, 0); - } - -#endif - -/* Export Sha256 hmac if not already defined by other libs */ -#ifndef _IMPL_CRYPTO_SHA256_HMAC - - #define _IMPL_CRYPTO_SHA256_HMAC _mbed_sha256_hmac - - _IMPLSTB CStatus _mbed_sha256_hmac( - const uint8_t* key, size_t keyLen, - const uint8_t* data, size_t dataLen, - void* hmacOut32 - ) - { - return mbedtls_md_hmac( - _mbed_sha256_alg(), - key, keyLen, - data, dataLen, - hmacOut32 - ); - } -#endif - -/* Export hkdf expand if not already defined */ -#ifndef _IMPL_CRYPTO_SHA256_HKDF_EXPAND - - #define _IMPL_CRYPTO_SHA256_HKDF_EXPAND _mbed_sha256_hkdf_expand - - _IMPLSTB int _mbed_sha256_hkdf_expand( - const uint8_t* prk, size_t prkLen, - const uint8_t* info, size_t infoLen, - void* okm, size_t okmLen - ) - { - return mbedtls_hkdf_expand( - _mbed_sha256_alg(), - prk, prkLen, - info, infoLen, - okm, okmLen - ); - } - -#endif - -/* Export hkdf extract if not already defined */ -#ifndef _IMPL_CRYPTO_SHA256_HKDF_EXTRACT - - #define _IMPL_CRYPTO_SHA256_HKDF_EXTRACT _mbed_sha256_hkdf_extract - - _IMPLSTB int _mbed_sha256_hkdf_extract( - const uint8_t* salt, size_t saltLen, - const uint8_t* ikm, size_t ikmLen, - void* prk - ) - { - return mbedtls_hkdf_extract( - _mbed_sha256_alg(), - salt, saltLen, - ikm, ikmLen, - prk - ); - } -#endif - -/* Export fixed-time compare if not already defined */ -#ifndef _IMPL_CRYPTO_FIXED_TIME_COMPARE - - #define _IMPL_CRYPTO_FIXED_TIME_COMPARE _mbed_fixed_time_compare - - /* fixed-time memcmp */ - _IMPLSTB int _mbed_fixed_time_compare(const uint8_t* a, const uint8_t* b, size_t size) - { - return mbedtls_ct_memcmp(a, b, size); - } -#endif - -#endif \ No newline at end of file diff --git a/src/internal/impl/monocypher.c b/src/internal/impl/monocypher.c deleted file mode 100644 index 6e93c63..0000000 --- a/src/internal/impl/monocypher.c +++ /dev/null @@ -1,84 +0,0 @@ -/* -* Copyright (c) 2024 Vaughn Nugent -* -* Package: noscrypt -* File: impl/monocypher.c -* -* This library is free software; you can redistribute it and/or -* modify it under the terms of the GNU Lesser General Public License -* as published by the Free Software Foundation; either version 2.1 -* of the License, or (at your option) any later version. -* -* This library is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -* Lesser General Public License for more details. -* -* You should have received a copy of the GNU Lesser General Public License -* along with noscrypt. If not, see http://www.gnu.org/licenses/. -*/ - - -/* -* This file handles some fallbacks that may not be available on -* some platforms. More specifically: -* - Secure memset 0 -* - Chacha20 cipher -* -*/ - -#ifdef NC_ENABLE_MONOCYPHER - -#include - -#include "../../platform.h" -#include "../nc-util.h" - -/* Export secure memse0 */ -#ifndef _IMPL_SECURE_ZERO_MEMSET - - /* export cytpo wipe function as is */ - #define _IMPL_SECURE_ZERO_MEMSET crypto_wipe -#endif - -/* Export Chacha20 */ -#ifndef _IMPL_CHACHA20_CRYPT - - #define _IMPL_CHACHA20_CRYPT _mc_chacha20_crypt - - _IMPLSTB cstatus_t _mc_chacha20_crypt( - const uint8_t* key, - const uint8_t* nonce, - const uint8_t* input, - uint8_t* output, - uint64_t dataLen - ) - { - if(dataLen > SIZE_MAX) - { - return CSTATUS_FAIL; - } - - /* - * Function returns the next counter value which is not - * needed for noscrypt as encryptions are one-shot, and - * require a new nonce for each encryption. - * - * ITEF function uses a 12byte nonce which is required for - * nip-44 compliant encryption. - */ - crypto_chacha20_ietf( - output, - input, - (size_t)dataLen, - key, - nonce, - 0x00 /* Counter always starts at 0 */ - ); - - return CSTATUS_OK; - } - -#endif - -#endif /* !NC_ENABLE_MONOCYPHER */ \ No newline at end of file diff --git a/src/internal/impl/openssl.c b/src/internal/impl/openssl.c deleted file mode 100644 index d0cdb8c..0000000 --- a/src/internal/impl/openssl.c +++ /dev/null @@ -1,47 +0,0 @@ -/* -* Copyright (c) 2024 Vaughn Nugent -* -* Package: noscrypt -* File: impl/openssl.c -* -* This library is free software; you can redistribute it and/or -* modify it under the terms of the GNU Lesser General Public License -* as published by the Free Software Foundation; either version 2.1 -* of the License, or (at your option) any later version. -* -* This library is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -* Lesser General Public License for more details. -* -* You should have received a copy of the GNU Lesser General Public License -* along with noscrypt. If not, see http://www.gnu.org/licenses/. -*/ - - -/* Setup openssl */ - -#ifdef OPENSSL_CRYPTO_LIB - -#include - -#include "../../platform.h" -#include "../nc-util.h" - -/* -* EXPORT SUPPORTED FUNCTIONS AS MACROS -*/ -#define _IMPL_CHACHA20_CRYPT _mbed_chacha20_encrypt -#define _IMPL_CRYPTO_SHA256_HMAC _mbed_sha256_hmac -#define _IMPL_CRYPTO_SHA256_DIGEST _ossl_sha256_digest -#define _IMPL_CRYPTO_FIXED_TIME_COMPARE _mbed_fixed_time_compare -#define _IMPL_CRYPTO_SHA256_HKDF_EXPAND _mbed_sha256_hkdf_expand -#define _IMPL_CRYPTO_SHA256_HKDF_EXTRACT _mbed_sha256_hkdf_extract - -_IMPLSTB int _ossl_sha256_digest(const uint8_t* data, uint8_t* digest) -{ - -} - - -#endif /*!OPENSSL_CRYPTO_LIB */ \ No newline at end of file diff --git a/src/internal/nc-crypto.c b/src/internal/nc-crypto.c deleted file mode 100644 index 9cd2c3e..0000000 --- a/src/internal/nc-crypto.c +++ /dev/null @@ -1,269 +0,0 @@ -/* -* Copyright (c) 2024 Vaughn Nugent -* -* Package: noscrypt -* File: nc-crypto.c -* -* This library is free software; you can redistribute it and/or -* modify it under the terms of the GNU Lesser General Public License -* as published by the Free Software Foundation; either version 2.1 -* of the License, or (at your option) any later version. -* -* This library is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -* Lesser General Public License for more details. -* -* You should have received a copy of the GNU Lesser General Public License -* along with noscrypt. If not, see http://www.gnu.org/licenses/. -*/ - -#include "nc-util.h" -#include "nc-crypto.h" -#include "../platform.h" - -/* -* Functions are not forced inline, just suggested. -* So unless it beomes a performance issue, I will leave -* most/all impl functions inline and let the compiler -* decide. -*/ - -#define _IMPLSTB static _nc_fn_inline - -/* -* Impl .c files may define the following macros for function implementations: -* -* _IMPL_SECURE_ZERO_MEMSET secure memset 0 function -* _IMPL_CHACHA20_CRYPT chacha20 cipher function -* _IMPL_CRYPTO_FIXED_TIME_COMPARE fixed time compare function -* _IMPL_CRYPTO_SHA256_HMAC sha256 hmac function -* _IMPL_CRYPTO_SHA256_DIGEST standard sha256 digest function -* _IMPL_CRYPTO_SHA256_HKDF_EXPAND hkdf expand function -* _IMPL_CRYPTO_SHA256_HKDF_EXTRACT hkdf extract function -* -* Macros are used to allow the preprocessor to select the correct implementation -* or raise errors if no implementation is defined. -*/ - - - -/* -* Prioritize embedded builds with mbedtls -*/ -#include "impl/mbedtls.c" - -/* -* Include openssl as an alternative default -* implementation -*/ -#include "impl/openssl.c" - -/* -* Include win32 platform specific fallback support -* using bcrypt. -*/ -#include "impl/bcrypt.c" - -/* -* Handle default implementations of secure -* memset 0 functions for each platform. -*/ -#ifndef _IMPL_SECURE_ZERO_MEMSET - #if defined(__GNUC__) - /* - * When using libc, we can use explicit_bzero - * as secure memset implementation. - * - * https://sourceware.org/glibc/manual/2.39/html_mono/libc.html#Erasing-Sensitive-Data - */ - #include - #define _IMPL_SECURE_ZERO_MEMSET explicit_bzero - #endif -#endif - -/* -* Finally fall back to monocipher to handle some -* that are not provided by other libraries. -* -* Platform specific opimizations are considered -* "better" than monocypher options, so this is -* added as a last resort. Momocypher is "correct" -* and portable, but not optimized for any specific -* platform. -*/ -#include "impl/monocypher.c" - - -#ifdef _IMPL_CRYPTO_SHA256_HMAC - - /* - * If a library does not provide a HKDF extract function, - * we can just use the HMAC function as a fallback. - * - * This is a fallback because another library may provide - * a more optimized implementation. - */ - - #ifndef _IMPL_CRYPTO_SHA256_HKDF_EXTRACT - - #define _IMPL_CRYPTO_SHA256_HKDF_EXTRACT _fallbackHkdfExtract - - _IMPLSTB cstatus_t _fallbackHkdfExtract(const cspan_t* salt, const cspan_t* ikm, sha256_t prk) - { - return _IMPL_CRYPTO_SHA256_HMAC(salt, ikm, prk); - } - - #endif /* !_IMPL_CRYPTO_SHA256_HKDF_EXTRACT */ - -#endif /* _IMPL_CRYPTO_SHA256_HMAC */ - -/* Fallback for fixed time comparison for all platforms */ -#ifndef _IMPL_CRYPTO_FIXED_TIME_COMPARE - - #pragma message("Warning: No fixed time compare implementation defined, using fallback. This may not be secure on all platforms") - - #define _IMPL_CRYPTO_FIXED_TIME_COMPARE _fallbackFixedTimeCompare - - /* - * This implemntation is a slightly simplified version of - * MBed TLS constant time memcmp function, knowm to be a 32bit - * integer size - */ - - static uint32_t _fallbackFixedTimeCompare(const uint8_t* a, const uint8_t* b, uint64_t size) - { - size_t i; - uint32_t result; - uint8_t O; - volatile const uint8_t* A, * B; - - result = 0; - O = 0; - A = (volatile const uint8_t*)a; - B = (volatile const uint8_t*)b; - - /* Compare each byte */ - for(i = 0; i < size; i++) - { - /* Handle volatile read */ - O |= (A[i] ^ B[i]); - - result |= O; - } - - return result; - } - -#endif /* !_IMPL_CRYPTO_FIXED_TIME_COMPARE */ - - -/* -* Internal function implementations that perform -* basic checking and call the correct implementation -* for the desired crypto impl. -*/ - -void ncCryptoSecureZero(void* ptr, uint64_t size) -{ - DEBUG_ASSERT2(ptr != NULL, "Expected ptr to be non-null") - -#ifndef _IMPL_SECURE_ZERO_MEMSET - #error "No secure memset implementation defined" -#endif /* _IMPL_SECURE_ZERO_MEMSET */ - - _IMPL_SECURE_ZERO_MEMSET(ptr, size); -} - -uint32_t ncCryptoFixedTimeComp(const uint8_t* a, const uint8_t* b, uint64_t size) -{ - DEBUG_ASSERT2(a != NULL, "Expected a to be non-null") - DEBUG_ASSERT2(b != NULL, "Expected b to be non-null") - -#ifndef _IMPL_CRYPTO_FIXED_TIME_COMPARE - #error "No fixed time compare implementation defined" -#endif /* !_IMPL_CRYPTO_FIXED_TIME_COMPARE */ - - return _IMPL_CRYPTO_FIXED_TIME_COMPARE(a, b, size); -} - -cstatus_t ncCryptoDigestSha256(const cspan_t* data, sha256_t digestOut32) -{ - /* Debug arg validate */ - DEBUG_ASSERT2(data != NULL && data->data != NULL, "Expected data to be non-null") - DEBUG_ASSERT2(digestOut32 != NULL, "Expected digestOut32 to be non-null") - -#ifndef _IMPL_CRYPTO_SHA256_DIGEST - #error "No SHA256 implementation defined" -#endif /* !_IMPL_CRYPTO_SHA256_DIGEST */ - - return _IMPL_CRYPTO_SHA256_DIGEST(data, digestOut32); -} - -cstatus_t ncCryptoHmacSha256(const cspan_t* key, const cspan_t* data, sha256_t hmacOut32) -{ - /* Debug arg validate */ - DEBUG_ASSERT2(key != NULL && key->data != NULL, "Expected key to be non-null") - DEBUG_ASSERT2(data != NULL && data->data != NULL, "Expected data to be non-null") - DEBUG_ASSERT2(hmacOut32 != NULL && data->data != NULL, "Expected hmacOut32 to be non-null") - -#ifndef _IMPL_CRYPTO_SHA256_HMAC - #error "No SHA256 HMAC implementation defined" -#endif /* !_IMPL_CRYPTO_SHA256_HMAC */ - - return _IMPL_CRYPTO_SHA256_HMAC(key, data, hmacOut32); -} - -cstatus_t ncCryptoSha256HkdfExpand(const cspan_t* prk, const cspan_t* info, span_t* okm) -{ - /* Debug arg validate */ - DEBUG_ASSERT2(prk != NULL && prk->data != NULL, "Expected prk to be non-null") - DEBUG_ASSERT2(info != NULL && info->data != NULL, "Expected info to be non-null") - DEBUG_ASSERT2(okm != NULL && okm->data != NULL, "Expected okm to be non-null") - - /* - * RFC 5869: 2.3 - * "length of output keying material in octets (<= 255 * HashLen)" - */ - - if(okm->size > (uint64_t)(0xFFu * SHA256_DIGEST_SIZE)) - { - return CSTATUS_FAIL; - } - -#ifndef _IMPL_CRYPTO_SHA256_HKDF_EXPAND - #error "No SHA256 HKDF expand implementation defined" -#endif /* !_IMPL_CRYPTO_SHA256_HKDF_EXPAND */ - - return _IMPL_CRYPTO_SHA256_HKDF_EXPAND(prk, info, okm); -} - -cstatus_t ncCryptoSha256HkdfExtract(const cspan_t* salt, const cspan_t* ikm, sha256_t prk) -{ - /* Debug arg validate */ - DEBUG_ASSERT2(salt != NULL, "Expected salt to be non-null") - DEBUG_ASSERT2(ikm != NULL, "Expected ikm to be non-null") - DEBUG_ASSERT2(prk != NULL, "Expected prk to be non-null") - -#ifndef _IMPL_CRYPTO_SHA256_HKDF_EXTRACT - #error "No SHA256 HKDF extract implementation defined" -#endif /* !_IMPL_CRYPTO_SHA256_HKDF_EXTRACT */ - - return _IMPL_CRYPTO_SHA256_HKDF_EXTRACT(salt, ikm, prk); -} - -cstatus_t ncCryptoChacha20( - const uint8_t key[CHACHA_KEY_SIZE], - const uint8_t nonce[CHACHA_NONCE_SIZE], - const uint8_t* input, - uint8_t* output, - uint64_t dataSize -) -{ - DEBUG_ASSERT2(key != NULL, "Expected key to be non-null") - DEBUG_ASSERT2(nonce != NULL, "Expected nonce to be non-null") - DEBUG_ASSERT2(input != NULL, "Expected input to be non-null") - DEBUG_ASSERT2(output != NULL, "Expected output to be non-null") - - return _IMPL_CHACHA20_CRYPT(key, nonce, input, output, dataSize); -} diff --git a/src/internal/nc-crypto.h b/src/internal/nc-crypto.h deleted file mode 100644 index 3487b2b..0000000 --- a/src/internal/nc-crypto.h +++ /dev/null @@ -1,73 +0,0 @@ - -/* -* Copyright (c) 2024 Vaughn Nugent -* -* Package: noscrypt -* File: nc-crypto.h -* -* This library is free software; you can redistribute it and/or -* modify it under the terms of the GNU Lesser General Public License -* as published by the Free Software Foundation; either version 2.1 -* of the License, or (at your option) any later version. -* -* This library is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -* Lesser General Public License for more details. -* -* You should have received a copy of the GNU Lesser General Public License -* along with noscrypt. If not, see http://www.gnu.org/licenses/. -*/ - -#pragma once - -#ifndef _NC_CRYPTO_H -#define _NC_CRYPTO_H - -#include - -#define CHACHA_NONCE_SIZE 0x0cu /* Size of 12 is set by the cipher spec */ -#define CHACHA_KEY_SIZE 0x20u /* Size of 32 is set by the cipher spec */ -#define SHA256_DIGEST_SIZE 0x20u /* Size of 32 is set by the cipher spec */ - -typedef uint8_t cstatus_t; -#define CSTATUS_OK ((cstatus_t)0x01u) -#define CSTATUS_FAIL ((cstatus_t)0x00u) - -typedef uint8_t sha256_t[SHA256_DIGEST_SIZE]; - -/* -* IMPORTANT: -* The HKDF_IN_BUF_SIZE defintion sets the internal stack buffer size to use -* during fallback HKDF_Expand operations. -* -* 128 bytes should be more than enough for most use cases, without going -* overboard. Could be dialed in better for specific use cases later. -*/ - -#ifndef HKDF_IN_BUF_SIZE - #define HKDF_IN_BUF_SIZE 0x80 -#endif - - -uint32_t ncCryptoFixedTimeComp(const uint8_t* a, const uint8_t* b, uint64_t size); - -void ncCryptoSecureZero(void* ptr, uint64_t size); - -cstatus_t ncCryptoDigestSha256(const cspan_t* data, sha256_t digestOut32); - -cstatus_t ncCryptoHmacSha256(const cspan_t* key, const cspan_t* data, sha256_t hmacOut32); - -cstatus_t ncCryptoSha256HkdfExpand(const cspan_t* prk, const cspan_t* info, span_t* okm); - -cstatus_t ncCryptoSha256HkdfExtract(const cspan_t* salt, const cspan_t* ikm, sha256_t prk); - -cstatus_t ncCryptoChacha20( - const uint8_t key[CHACHA_KEY_SIZE], - const uint8_t nonce[CHACHA_NONCE_SIZE], - const uint8_t* input, - uint8_t* output, - uint64_t dataSize -); - -#endif /* !_NC_CRYPTO_H */ diff --git a/src/internal/nc-util.h b/src/internal/nc-util.h deleted file mode 100644 index 9f72470..0000000 --- a/src/internal/nc-util.h +++ /dev/null @@ -1,88 +0,0 @@ - -/* -* Copyright (c) 2024 Vaughn Nugent -* -* Package: noscrypt -* File: nc-util.h -* -* This library is free software; you can redistribute it and/or -* modify it under the terms of the GNU Lesser General Public License -* as published by the Free Software Foundation; either version 2.1 -* of the License, or (at your option) any later version. -* -* This library is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -* Lesser General Public License for more details. -* -* You should have received a copy of the GNU Lesser General Public License -* along with noscrypt. If not, see http://www.gnu.org/licenses/. -*/ - -#pragma once - -#ifndef NC_UTIL_H -#define NC_UTIL_H - -/* NULL */ -#ifndef NULL - #define NULL ((void*)0) -#endif /* !NULL */ - - -#ifdef DEBUG - /* Must include assert.h for assertions */ - #include - #define DEBUG_ASSERT(x) assert(x); - #define DEBUG_ASSERT2(x, message) assert(x && message); - - /* - * Compiler enabled static assertion keywords are - * only available in C11 and later. Later versions - * have macros built-in from assert.h so we can use - * the static_assert macro directly. - * - * Static assertions are only used for testing such as - * sanity checks and this library targets the c89 standard - * so static_assret very likely will not be available. - */ - #if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L - #define STATIC_ASSERT(x, m) static_assert(x, m) - #elif !defined(STATIC_ASSERT) - #define STATIC_ASSERT(x, m) - #pragma message("Static assertions are not supported by this language version") - #endif - -#else - #define DEBUG_ASSERT(x) - #define DEBUG_ASSERT2(x, message) - #define STATIC_ASSERT(x, m) -#endif - -#include - -typedef struct memory_span_struct -{ - uint8_t* data; - uint64_t size; -} span_t; - -typedef struct read_only_memory_span_struct -{ - const uint8_t* data; - uint64_t size; -} cspan_t; - -static void ncSpanInitC(cspan_t* span, const uint8_t* data, uint64_t size) -{ - span->data = data; - span->size = size; -} - -static void ncSpanInit(span_t* span, uint8_t* data, uint64_t size) -{ - span->data = data; - span->size = size; -} - -#endif /* NC_UTIL_H */ \ No newline at end of file -- cgit