From aa5113741bb419b02d6ea416bba571fa3d65db46 Mon Sep 17 00:00:00 2001
From: vnugent <public@vaughnnugent.com>
Date: Wed, 7 Feb 2024 01:37:53 -0500
Subject: add missing hmac-key output buffer

---
 src/noscrypt.c | 47 ++++++++++++++++++++++++++++++-----------------
 src/noscrypt.h |  5 +++--
 2 files changed, 33 insertions(+), 19 deletions(-)

(limited to 'src')

diff --git a/src/noscrypt.c b/src/noscrypt.c
index fb6dd4f..9ab1c6e 100644
--- a/src/noscrypt.c
+++ b/src/noscrypt.c
@@ -42,7 +42,6 @@
 
 #define CHACHA_NONCE_SIZE 12	//Size of 12 is set by the cipher spec
 #define CHACHA_KEY_SIZE 32		
-#define HMAC_KEY_SIZE 32		
 
 /*
 * Local macro for secure zero buffer fill
@@ -83,7 +82,7 @@
 struct nc_expand_keys {
 	uint8_t chacha_key[CHACHA_KEY_SIZE];
 	uint8_t chacha_nonce[CHACHA_NONCE_SIZE];
-	uint8_t hamc_key[HMAC_KEY_SIZE];
+	uint8_t hamc_key[NC_HMAC_KEY_SIZE];
 };
 
 struct shared_secret {
@@ -125,7 +124,7 @@ static int _convertToPubKey(const NCContext* ctx, const NCPublicKey* compressedP
 	compressed[0] = BIP340_PUBKEY_HEADER_BYTE;
 
 	//Copy the compressed public key data into a new buffer (offset by 1 to store the header byte)
-	MEMMOV((compressed + 1), compressedPubKey->key, NC_PUBKEY_SIZE);
+	MEMMOV((compressed + 1), compressedPubKey, sizeof(NCPublicKey));
 
 	result = secp256k1_ec_pubkey_parse(ctx->secpCtx, pubKey, compressed, sizeof(compressed));
 
@@ -289,7 +288,7 @@ static inline void _expandKeysFromHkdf(const struct message_key* hkdf, struct nc
 	MEMMOV(
 		keys->hamc_key, 
 		hkdfBytes,
-		HMAC_KEY_SIZE
+		NC_HMAC_KEY_SIZE
 	);
 }
 
@@ -353,6 +352,7 @@ static inline NCResult _encryptEx(
 	const NCContext* ctx, 
 	const mbedtls_md_info_t* mdINfo,
 	const struct conversation_key* ck, 
+	uint8_t hmacKey[NC_HMAC_KEY_SIZE],
 	NCCryptoData* args
 )
 {
@@ -363,6 +363,8 @@ static inline NCResult _encryptEx(
 	DEBUG_ASSERT2(ctx != NULL, "Expected valid context")
 	DEBUG_ASSERT2(ck != NULL, "Expected valid conversation key")
 	DEBUG_ASSERT2(args != NULL, "Expected valid encryption args")
+	DEBUG_ASSERT2(mdINfo != NULL, "Expected valid md info struct")
+	DEBUG_ASSERT2(hmacKey != NULL, "Expected valid hmac key buffer")
 
 	//Failure, bail out
 	if ((result = _getMessageKey(mdINfo, ck, args->nonce, NC_ENCRYPTION_NONCE_SIZE, &messageKey)) != NC_SUCCESS)
@@ -373,12 +375,16 @@ static inline NCResult _encryptEx(
 	//Expand the keys from the hkdf so we can use them in the cipher
 	_expandKeysFromHkdf(&messageKey, &cipherKeys);
 
+	//Copy the hmac key into the args
+	MEMMOV(hmacKey, cipherKeys.hamc_key, NC_HMAC_KEY_SIZE);
+
 	//CHACHA20
 	result = _chachaEncipher(&cipherKeys, args);
 
 Cleanup:
 	//Clean up sensitive data
 	ZERO_FILL(&messageKey, sizeof(messageKey));
+	ZERO_FILL(&cipherKeys, sizeof(cipherKeys));
 
 	return result;
 }
@@ -770,23 +776,27 @@ Cleanup:
 NC_EXPORT NCResult NC_CC NCEncryptEx(
 	const NCContext* ctx, 
 	const uint8_t conversationKey[NC_CONV_KEY_SIZE], 
+	uint8_t hmacKeyOut[NC_HMAC_KEY_SIZE],
 	NCCryptoData* args
 )
 {
 	CHECK_NULL_ARG(ctx, 0)
 	CHECK_INVALID_ARG(ctx->secpCtx, 0)
 	CHECK_NULL_ARG(conversationKey, 1)
-	CHECK_NULL_ARG(args, 2)
+	CHECK_NULL_ARG(hmacKeyOut, 2)
+	CHECK_NULL_ARG(args, 3)
 
 	//Validte ciphertext/plaintext
-	CHECK_INVALID_ARG(args->inputData, 2)
-	CHECK_INVALID_ARG(args->outputData, 2)
-	CHECK_ARG_RANGE(args->dataSize, NIP44_MIN_ENC_MESSAGE_SIZE, NIP44_MAX_ENC_MESSAGE_SIZE, 2)	
+	CHECK_INVALID_ARG(args->inputData, 3)
+	CHECK_INVALID_ARG(args->outputData, 3)
+	CHECK_INVALID_ARG(args->nonce, 3)
+	CHECK_ARG_RANGE(args->dataSize, NIP44_MIN_ENC_MESSAGE_SIZE, NIP44_MAX_ENC_MESSAGE_SIZE, 3)	
 
 	return _encryptEx(
 		ctx, 
 		_getSha256MdInfo(), 
 		(struct conversation_key*)conversationKey, 
+		hmacKeyOut,
 		args
 	);
 }
@@ -795,6 +805,7 @@ NC_EXPORT NCResult NC_CC NCEncrypt(
 	const NCContext* ctx, 
 	const NCSecretKey* sk, 
 	const NCPublicKey* pk, 
+	uint8_t hmacKeyOut[NC_HMAC_KEY_SIZE],
 	NCCryptoData* args
 )
 {	
@@ -807,12 +818,14 @@ NC_EXPORT NCResult NC_CC NCEncrypt(
 	CHECK_INVALID_ARG(ctx->secpCtx, 0)
 	CHECK_NULL_ARG(sk, 1)
 	CHECK_NULL_ARG(pk, 2)
-	CHECK_NULL_ARG(args, 3)
+	CHECK_NULL_ARG(hmacKeyOut, 3)
+	CHECK_NULL_ARG(args, 4)
 
 	//Validate input/output data
-	CHECK_INVALID_ARG(args->inputData, 3)
-	CHECK_INVALID_ARG(args->outputData, 3)
-	CHECK_ARG_RANGE(args->dataSize, NIP44_MIN_ENC_MESSAGE_SIZE, NIP44_MAX_ENC_MESSAGE_SIZE, 3)
+	CHECK_INVALID_ARG(args->inputData, 4)
+	CHECK_INVALID_ARG(args->outputData, 4)
+	CHECK_INVALID_ARG(args->nonce, 4)
+	CHECK_ARG_RANGE(args->dataSize, NIP44_MIN_ENC_MESSAGE_SIZE, NIP44_MAX_ENC_MESSAGE_SIZE, 4)
 
 	mdInfo = _getSha256MdInfo();
 
@@ -828,7 +841,7 @@ NC_EXPORT NCResult NC_CC NCEncrypt(
 		goto Cleanup;
 	}
 
-	result = _encryptEx(ctx, mdInfo, &conversationKey, args);
+	result = _encryptEx(ctx, mdInfo, &conversationKey, hmacKeyOut, args);
 
 Cleanup:
 	//Clean up sensitive data
@@ -838,7 +851,6 @@ Cleanup:
 	return result;
 }
 
-
 NC_EXPORT NCResult NC_CC NCDecryptEx(
 	const NCContext* ctx, 
 	const uint8_t conversationKey[NC_CONV_KEY_SIZE], 
@@ -853,7 +865,8 @@ NC_EXPORT NCResult NC_CC NCDecryptEx(
 	//Validte ciphertext/plaintext
 	CHECK_INVALID_ARG(args->inputData, 2)
 	CHECK_INVALID_ARG(args->outputData, 2)
-	CHECK_ARG_RANGE(args->dataSize, NIP44_MIN_DEC_MESSAGE_SIZE, NIP44_MAX_DEC_MESSAGE_SIZE, 3)
+	CHECK_INVALID_ARG(args->nonce, 2)
+	CHECK_ARG_RANGE(args->dataSize, NIP44_MIN_ENC_MESSAGE_SIZE, NIP44_MAX_ENC_MESSAGE_SIZE, 2)
 
 	return _decryptEx(
 		ctx, 
@@ -863,7 +876,6 @@ NC_EXPORT NCResult NC_CC NCDecryptEx(
 	);
 }
 
-
 NC_EXPORT NCResult NC_CC NCDecrypt(
 	const NCContext* ctx,
 	const NCSecretKey* sk,
@@ -885,7 +897,8 @@ NC_EXPORT NCResult NC_CC NCDecrypt(
 	//Validte ciphertext/plaintext
 	CHECK_INVALID_ARG(args->inputData, 3)
 	CHECK_INVALID_ARG(args->outputData, 3)
-	CHECK_ARG_RANGE(args->dataSize, NIP44_MIN_DEC_MESSAGE_SIZE, NIP44_MAX_DEC_MESSAGE_SIZE, 3)
+	CHECK_INVALID_ARG(args->nonce, 3)
+	CHECK_ARG_RANGE(args->dataSize, NIP44_MIN_ENC_MESSAGE_SIZE, NIP44_MAX_ENC_MESSAGE_SIZE, 3)
 
 	mdInfo = _getSha256MdInfo();
 
diff --git a/src/noscrypt.h b/src/noscrypt.h
index f6bfe76..387d856 100644
--- a/src/noscrypt.h
+++ b/src/noscrypt.h
@@ -72,6 +72,7 @@
 #define NC_PUBKEY_SIZE 32
 #define NC_SHARED_SEC_SIZE 32
 #define NC_CONV_KEY_SIZE 32
+#define NC_HMAC_KEY_SIZE 32
 #define NC_MESSAGE_KEY_SIZE NIP44_MESSAGE_KEY_SIZE
 
 /*
@@ -80,8 +81,6 @@
 */
 #define NIP44_MIN_ENC_MESSAGE_SIZE 1
 #define NIP44_MAX_ENC_MESSAGE_SIZE 65535
-#define NIP44_MIN_DEC_MESSAGE_SIZE 99
-#define NIP44_MAX_DEC_MESSAGE_SIZE 65603 
 
 /*
 * The Nip44 constant salt 
@@ -377,6 +376,7 @@ NC_EXPORT NCResult NC_CC NCEncrypt(
 	const NCContext* ctx, 
 	const NCSecretKey* sk, 
 	const NCPublicKey* pk, 
+	uint8_t hmacKeyOut[NC_HMAC_KEY_SIZE],
 	NCCryptoData* args
 );
 
@@ -462,6 +462,7 @@ the error code and positional argument that caused the error.
 NC_EXPORT NCResult NC_CC NCEncryptEx(
 	const NCContext* ctx, 
 	const uint8_t conversationKey[NC_CONV_KEY_SIZE],
+	uint8_t hmacKeyOut[NC_HMAC_KEY_SIZE],
 	NCCryptoData* args
 );
 
-- 
cgit