Push latest changes, patches, and internal upgrades

CMakeLists.txt

@@ -143,21 +143,6 @@ target_include_directories(${_NC_PROJ_NAME}_static SYSTEM PUBLIC vendor/secp256k
 #
 #############################################
 
-#try to load openssl quietly in order to check for its availability
-find_package(OpenSSL QUIET)
-
-#setup default linking to crypto libraries for certain plaftorms. 
-#Windows defaults to bcrypt, openssl otherwise if installed
-if(CRYPTO_LIB STREQUAL "")	
-  if(MSVC)
-	set(CRYPTO_LIB "bcrypt")
-  elseif(OPENSSL_FOUND)
-	set(CRYPTO_LIB "openssl")
-  endif()
-
-  message(STATUS "No crypto library was specified, defaulting to ${CRYPTO_LIB}")
-endif()
-
 #Include mbedtls if enabled
 if(NC_FETCH_MBEDTLS)
 
@@ -186,6 +171,22 @@ if(NC_FETCH_MBEDTLS)
 
 endif()
 
+#try to load openssl quietly in order to check for its availability
+find_package(OpenSSL QUIET)
+
+#setup default linking to crypto libraries for certain plaftorms. 
+#Windows defaults to bcrypt, openssl otherwise if installed
+if(CRYPTO_LIB STREQUAL "")	
+  if(MSVC)
+	set(CRYPTO_LIB "bcrypt")
+  elseif(OPENSSL_FOUND)
+	set(CRYPTO_LIB "openssl")
+  endif()
+
+  message(STATUS "No crypto library was specified, defaulting to ${CRYPTO_LIB}")
+endif()
+
+
 #if mbedtls linking is enabled target the library
 if(CRYPTO_LIB STREQUAL "mbedtls")
 

Taskfile.yaml

@@ -14,6 +14,7 @@ version: '3'
 
 vars:
   CMAKE_BUILD_DIR: 'build/{{ OS }}'
+  TEST_EXE_NAME: 'nctest'
 
 tasks:
 
@@ -29,21 +30,44 @@ tasks:
      - task: build-internal
        vars: { CMAKE_TEST_STATUS: 'ON', BUILD_CONFIG: 'Debug' }
 
-  build-internal:
-    internal: true
-    cmds:
-     - cmake -S . -B{{.CMAKE_BUILD_DIR}} -DCMAKE_BUILD_TYPE={{.BUILD_CONFIG}} -DNC_BUILD_TESTS={{ .CMAKE_TEST_STATUS }} {{.CLI_ARGS}}
-     - cmake --build {{.CMAKE_BUILD_DIR}} --config {{.BUILD_CONFIG}}
-     - cmd: echo "Build complete. Your files can be found in the {{.CMAKE_BUILD_DIR}} directory"
-       silent: true
-
   #available to users and vnbuild runner
   test:
     desc: "Builds a local copy of the library in a debug configuration, then runs the test executable"
     cmds:
      - task: build-debug
      - cmd: cd {{.CMAKE_BUILD_DIR}} && ctest -C Debug --verbose
 
+  test-mbedtls:
+    desc: "Builds and runs tests for noscrypt using the mbedtls crypto library for the current platform"
+    cmds:
+     - task: build-internal
+       vars: 
+         CMAKE_TEST_STATUS: 'ON'
+         BUILD_CONFIG: 'Debug'
+         CLI_ARGS: '-DNC_FETCH_MBEDTLS=ON {{.CLI_ARGS}}'  #fetches and enabled medtls
+     - cmd: cd {{.CMAKE_BUILD_DIR}} && ctest -C Debug --verbose
+
+  test-dev:
+    desc: "Re-runs compilation phase and test execution"
+    cmds:
+     - task: compile
+       vars: { BUILD_CONFIG: 'Debug' }
+     - cmd: cd {{.CMAKE_BUILD_DIR}} && ctest -C Debug --verbose --output-on-failure
+
+  compile:
+    internal: true
+    cmds:
+      - cmake --build {{.CMAKE_BUILD_DIR}} --config {{.BUILD_CONFIG}}
+
+  build-internal:
+    internal: true
+    cmds:
+     - cmake -S . -B{{.CMAKE_BUILD_DIR}} -DCMAKE_BUILD_TYPE={{.BUILD_CONFIG}} -DNC_BUILD_TESTS={{ .CMAKE_TEST_STATUS }} {{.CLI_ARGS}}
+     - task: compile
+       vars: { BUILD_CONFIG: '{{.BUILD_CONFIG}}' }
+     - cmd: echo "Build complete. Your files can be found in the {{.CMAKE_BUILD_DIR}} directory"
+       silent: true
+
   install:
     desc: "Uses cmake to install the library on your system"
     cmds:
@@ -115,17 +139,26 @@ tasks:
     desc: "Packs up the project source code and creates a tarball in the builds binary directory"
     vars:
       TARGET_SOURCE: '{{.PROJECT_DIR}}/{{.BINARY_DIR}}/{{.PROJECT_NAME}}-src.tgz'
-      SOURCE_FILES: 'CMakeLists.txt src include license tests vendor readme.md Taskfile.yaml'
+      SOURCE_FILES: [ CMakeLists.txt, Taskfile.yaml, src, include, license, tests, vendor, readme.md, CMakePresets.json ]
 
     cmds:
       #tar up the source
-     - tar -czf "{{.TARGET_SOURCE}}" {{.SOURCE_FILES}}  
+     - tar -czf "{{.TARGET_SOURCE}}" {{ .SOURCE_FILES | join " " }}  
 
 #################################
 #
 #       DEV TASKS
 #
 #################################
+
+  dev-gdb-test:
+    platforms: [ linux ]
+    desc: "Starts a new gdb session on the test executable"
+    interactive: true
+    cmds:
+     - task: compile
+       vars: { BUILD_CONFIG: 'Debug' }
+     - cmd: gdb '{{.CMAKE_BUILD_DIR}}/{{.TEST_EXE_NAME}}'
 
   dev-update-deps:
      desc: "Updates vendored projects files (headers mostly) from their source repositories to the latest version"

include/noscrypt.h

@@ -58,7 +58,7 @@ extern "C" {
 		#ifdef _NC_IS_WINDOWS
 			#define NC_EXPORT __declspec(dllimport)
 		#else
-			#define NC_EXPORT
+			#define NC_EXPORT extern
 		#endif /*  _NC_IS_WINDOWS */
 	#endif /*  !NOSCRYPT_EXPORTING */
 #endif /*  !NC_EXPORT */

include/noscryptutil.h

@@ -39,11 +39,13 @@ extern "C" {
 #define E_CIPHER_INVALID_FORMAT			-11
 #define E_CIPHER_BAD_NONCE				-12
 #define E_CIPHER_MAC_INVALID			-13
+#define E_CIPHER_NO_OUTPUT				-14
 
 #define NC_UTIL_CIPHER_MODE_ENCRYPT		0x00u
 #define NC_UTIL_CIPHER_MODE_DECRYPT		0x01u
 #define NC_UTIL_CIPHER_ZERO_ON_FREE		0x02u
 #define NC_UTIL_CIPHER_MAC_NO_VERIFY	0x04u
+#define NC_UTIL_CIPHER_REUSEABLE		0x08u
 
 /*
 * The encryption context structure. This structure is used to store the state 
@@ -166,7 +168,7 @@ NC_EXPORT NCResult NC_CC NCUtilCipherGetFlags(const NCUtilCipherContext* ctx);
 * so the exact same operation should happen if called again.
 */
 NC_EXPORT NCResult NC_CC NCUtilCipherUpdate(
-	const NCUtilCipherContext* encCtx,
+	NCUtilCipherContext* encCtx,
 	const NCContext* libContext,
 	const NCSecretKey* sk,
 	const NCPublicKey* pk

src/hkdf.c

@@ -42,35 +42,34 @@ static _nc_fn_inline void debugValidateHandler(const struct nc_hkdf_fn_cb_struct
 cstatus_t hkdfExpandProcess(
 	const struct nc_hkdf_fn_cb_struct* handler,
 	void* ctx,
-	const cspan_t* info,
-	span_t* okm
+	cspan_t info,
+	span_t okm
 )
 {
 	cstatus_t result;
-
-	uint8_t counter;
+	cspan_t tSpan, counterSpan;
 	uint32_t tLen, okmOffset;
+	uint8_t counter[1];
 	uint8_t t[HKDF_IN_BUF_SIZE];
-	cspan_t tSpan, counterSpan;
 
 	debugValidateHandler(handler);
 
 	ncCryptoSecureZero(t, sizeof(t));
 
 	tLen = 0;				/* T(0) is an empty string(zero length) */
 	okmOffset = 0;
-	counter = 1;			/* counter is offset by 1 for init */
+	counter[0] = 1;			/* counter is offset by 1 for init */
 	result = CSTATUS_FAIL;	/* Start in fail state */
 
 	/* counter as a span */
-	ncSpanInitC(&counterSpan, &counter, sizeof(counter));
+	ncSpanInitC(&counterSpan, counter, sizeof(counter));
 
 	/* Compute T(N) = HMAC(prk, T(n-1) | info | n) */
-	while (okmOffset < okm->size)
+	while (okmOffset < okm.size)
 	{
 		ncSpanInitC(&tSpan, t, tLen);
 
-		if (handler->update(ctx, &tSpan) != CSTATUS_OK)
+		if (handler->update(ctx, tSpan) != CSTATUS_OK)
 		{
 			goto Exit;
 		}
@@ -80,7 +79,7 @@ cstatus_t hkdfExpandProcess(
 			goto Exit;
 		}
 
-		if (handler->update(ctx, &counterSpan) != CSTATUS_OK)
+		if (handler->update(ctx, counterSpan) != CSTATUS_OK)
 		{
 			goto Exit;
 		}
@@ -96,18 +95,15 @@ cstatus_t hkdfExpandProcess(
 		}
 
 		/* tlen becomes the hash size or remaining okm size */
-		tLen = HKDF_MIN(okm->size - okmOffset, SHA256_DIGEST_SIZE);
+		tLen = HKDF_MIN(okm.size - okmOffset, SHA256_DIGEST_SIZE);
 
 		DEBUG_ASSERT(tLen <= sizeof(t));
 
-		/* write the T buffer back to okm */
-		ncSpanWrite(*okm, okmOffset, t, tLen);
-
-		/* shift base okm pointer by T */
-		okmOffset += tLen;
+		/* write the T buffer back to okm and advance okmOffset by tLen */
+		ncSpanAppend(okm, &okmOffset, t, tLen);
 
 		/* increment counter */
-		counter++;
+		(*counter)++;
 	}
 
 	result = CSTATUS_OK;	/* HMAC operation completed, so set success */

src/hkdf.h

@@ -42,7 +42,7 @@
 
 /* typedefs for hdkf callback functions */
 
-typedef cstatus_t (*hmac_hash_fn)(void* ctx, const cspan_t* data);
+typedef cstatus_t (*hmac_hash_fn)(void* ctx, cspan_t data);
 typedef cstatus_t (*hmac_finish_fn)(void* ctx, sha256_t hmacOut32);
 
 struct nc_hkdf_fn_cb_struct
@@ -54,8 +54,8 @@ struct nc_hkdf_fn_cb_struct
 cstatus_t hkdfExpandProcess(
 	const struct nc_hkdf_fn_cb_struct* handler,
 	void* ctx,
-	const cspan_t* info,
-	span_t* okm
+	cspan_t info,
+	span_t okm
 );
 
 #endif /* !_NC_HKDF_H */

src/nc-crypto.c

@@ -134,7 +134,7 @@ _IMPLSTB cstatus_t _dummyAesFunc(
 
 		#define _IMPL_CRYPTO_SHA256_HKDF_EXTRACT		_fallbackHkdfExtract
 
-		_IMPLSTB cstatus_t _fallbackHkdfExtract(const cspan_t* salt, const cspan_t* ikm, sha256_t prk)
+		_IMPLSTB cstatus_t _fallbackHkdfExtract(cspan_t salt, cspan_t ikm, sha256_t prk)
 		{
 			return _IMPL_CRYPTO_SHA256_HMAC(salt, ikm, prk);
 		}
@@ -217,11 +217,11 @@ uint32_t ncCryptoFixedTimeComp(const uint8_t* a, const uint8_t* b, uint32_t size
 	return _IMPL_CRYPTO_FIXED_TIME_COMPARE(a, b, size);
 }
 
-cstatus_t ncCryptoDigestSha256(const cspan_t* data, sha256_t digestOut32)
+cstatus_t ncCryptoDigestSha256(cspan_t data, sha256_t digestOut32)
 {
 	/* Debug arg validate */
-	DEBUG_ASSERT2(data != NULL && data->data != NULL,	"Expected data to be non-null")
-	DEBUG_ASSERT2(digestOut32 != NULL,					"Expected digestOut32 to be non-null")
+	DEBUG_ASSERT2(ncSpanIsValidC(data),	"Expected data to be non-null")
+	DEBUG_ASSERT2(digestOut32 != NULL,	"Expected digestOut32 to be non-null")
 
 #ifndef _IMPL_CRYPTO_SHA256_DIGEST
 	#error "No SHA256 implementation defined"
@@ -230,12 +230,12 @@ cstatus_t ncCryptoDigestSha256(const cspan_t* data, sha256_t digestOut32)
 	return _IMPL_CRYPTO_SHA256_DIGEST(data, digestOut32);
 }
 
-cstatus_t ncCryptoHmacSha256(const cspan_t* key, const cspan_t* data, sha256_t hmacOut32)
+cstatus_t ncCryptoHmacSha256(cspan_t key, cspan_t data, sha256_t hmacOut32)
 {
 	/* Debug arg validate */
-	DEBUG_ASSERT2(key != NULL && key->data != NULL,			"Expected key to be non-null")
-	DEBUG_ASSERT2(data != NULL && data->data != NULL,		"Expected data to be non-null")
-	DEBUG_ASSERT2(hmacOut32 != NULL && data->data != NULL,	"Expected hmacOut32 to be non-null")
+	DEBUG_ASSERT2(ncSpanIsValidC(key),	"Expected key to be non-null")
+	DEBUG_ASSERT2(ncSpanIsValidC(data),	"Expected data to be non-null")
+	DEBUG_ASSERT2(hmacOut32 != NULL,	"Expected hmacOut32 to be non-null")
 
 #ifndef _IMPL_CRYPTO_SHA256_HMAC
 	#error "No SHA256 HMAC implementation defined"
@@ -244,12 +244,12 @@ cstatus_t ncCryptoHmacSha256(const cspan_t* key, const cspan_t* data, sha256_t h
 	return _IMPL_CRYPTO_SHA256_HMAC(key, data, hmacOut32);
 }
 
-cstatus_t ncCryptoSha256HkdfExpand(const cspan_t* prk, const cspan_t* info, span_t* okm)
+cstatus_t ncCryptoSha256HkdfExpand(cspan_t prk, cspan_t info, span_t okm)
 {
 	/* Debug arg validate */
-	DEBUG_ASSERT2(prk != NULL && prk->data != NULL,		"Expected prk to be non-null")
-	DEBUG_ASSERT2(info != NULL && info->data != NULL,	"Expected info to be non-null")
-	DEBUG_ASSERT2(okm != NULL && okm->data != NULL,		"Expected okm to be non-null")
+	DEBUG_ASSERT2(ncSpanIsValidC(prk),	"Expected prk to be non-null")
+	DEBUG_ASSERT2(ncSpanIsValidC(info),	"Expected info to be non-null")
+	DEBUG_ASSERT2(ncSpanIsValid(okm),	"Expected okm to be non-null")
 
 	/*
 	* RFC 5869: 2.3
@@ -258,7 +258,7 @@ cstatus_t ncCryptoSha256HkdfExpand(const cspan_t* prk, const cspan_t* info, span
 	* important as the counter is 1 byte, so it cannot overflow
 	*/
 
-	if(okm->size > (uint32_t)(0xFFu * SHA256_DIGEST_SIZE))
+	if(okm.size > (uint32_t)(0xFFu * SHA256_DIGEST_SIZE))
 	{
 		return CSTATUS_FAIL;
 	}
@@ -270,12 +270,12 @@ cstatus_t ncCryptoSha256HkdfExpand(const cspan_t* prk, const cspan_t* info, span
 	return _IMPL_CRYPTO_SHA256_HKDF_EXPAND(prk, info, okm);
 }
 
-cstatus_t ncCryptoSha256HkdfExtract(const cspan_t* salt, const cspan_t* ikm, sha256_t prk)
+cstatus_t ncCryptoSha256HkdfExtract(cspan_t salt, cspan_t ikm, sha256_t prk)
 {
 	/* Debug arg validate */
-	DEBUG_ASSERT2(salt != NULL, "Expected salt to be non-null")
-	DEBUG_ASSERT2(ikm  != NULL, "Expected ikm to be non-null")
-	DEBUG_ASSERT2(prk  != NULL, "Expected prk to be non-null")
+	DEBUG_ASSERT2(ncSpanIsValidC(salt), "Expected salt to be non-null")
+	DEBUG_ASSERT2(ncSpanIsValidC(ikm),	"Expected ikm to be non-null")
+	DEBUG_ASSERT2(prk != NULL,			"Expected prk to be non-null")
 
 #ifndef _IMPL_CRYPTO_SHA256_HKDF_EXTRACT
 	#error "No SHA256 HKDF extract implementation defined"

src/nc-crypto.h

@@ -42,13 +42,13 @@ uint32_t ncCryptoFixedTimeComp(const uint8_t* a, const uint8_t* b, uint32_t size
 
 void ncCryptoSecureZero(void* ptr, uint32_t size);
 
-cstatus_t ncCryptoDigestSha256(const cspan_t* data, sha256_t digestOut32);
+cstatus_t ncCryptoDigestSha256(cspan_t data, sha256_t digestOut32);
 
-cstatus_t ncCryptoHmacSha256(const cspan_t* key, const cspan_t* data, sha256_t hmacOut32);
+cstatus_t ncCryptoHmacSha256(cspan_t key, cspan_t data, sha256_t hmacOut32);
 
-cstatus_t ncCryptoSha256HkdfExpand(const cspan_t* prk, const cspan_t* info, span_t* okm);
+cstatus_t ncCryptoSha256HkdfExpand(cspan_t prk, cspan_t info, span_t okm);
 
-cstatus_t ncCryptoSha256HkdfExtract(const cspan_t* salt, const cspan_t* ikm, sha256_t prk);
+cstatus_t ncCryptoSha256HkdfExtract(cspan_t salt, cspan_t ikm, sha256_t prk);
 
 cstatus_t ncCryptoChacha20(
 	const uint8_t key[CHACHA_KEY_SIZE],