cipherstate.c

Go to the documentation of this file.

/*
 * Copyright (C) 2016 Southern Storm Software, Pty Ltd.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included
 * in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 */

#include "internal.h"
#include <string.h>

#define NOISE_MAX_KEY_LEN   32

#define NOISE_MAX_MAC_LEN   16

int noise_cipherstate_new_by_id(NoiseCipherState **state, int id)
{
    /* The "state" argument must be non-NULL */
    if (!state)
        return NOISE_ERROR_INVALID_PARAM;

    /* Create the CipherState object for the "id" */
    *state = 0;
    switch (id) {
    case NOISE_CIPHER_CHACHAPOLY:
        *state = noise_chachapoly_new();
        break;

    case NOISE_CIPHER_AESGCM:
        *state = noise_aesgcm_new();
        break;

    default:
        return NOISE_ERROR_UNKNOWN_ID;
    }

    /* Bail out if insufficient memory */
    if (!(*state))
        return NOISE_ERROR_NO_MEMORY;

    /* Ready to go */
    return NOISE_ERROR_NONE;
}

int noise_cipherstate_new_by_name(NoiseCipherState **state, const char *name)
{
    int id;

    /* The "state" and "name" arguments must be non-NULL */
    if (!state)
        return NOISE_ERROR_INVALID_PARAM;
    *state = 0;
    if (!name)
        return NOISE_ERROR_INVALID_PARAM;

    /* Map the name and create the corresponding object */
    id = noise_name_to_id(NOISE_CIPHER_CATEGORY, name, strlen(name));
    if (id)
        return noise_cipherstate_new_by_id(state, id);

    /* We don't know what this is */
    return NOISE_ERROR_UNKNOWN_NAME;
}

int noise_cipherstate_free(NoiseCipherState *state)
{
    /* Bail out if no cipher state */
    if (!state)
        return NOISE_ERROR_INVALID_PARAM;

    /* Call the backend-specific destroy function if necessary */
    if (state->destroy)
        (*(state->destroy))(state);

    /* Clean and free the memory */
    noise_free(state, state->size);
    return NOISE_ERROR_NONE;
}

int noise_cipherstate_get_cipher_id(const NoiseCipherState *state)
{
    return state ? state->cipher_id : NOISE_CIPHER_NONE;
}

size_t noise_cipherstate_get_key_length(const NoiseCipherState *state)
{
    return state ? state->key_len : 0;
}

size_t noise_cipherstate_get_mac_length(const NoiseCipherState *state)
{
    return state ? state->mac_len : 0;
}

int noise_cipherstate_init_key
    (NoiseCipherState *state, const uint8_t *key, size_t key_len)
{
    /* Validate the parameters */
    if (!state || !key)
        return NOISE_ERROR_INVALID_PARAM;
    if (key_len != state->key_len)
        return NOISE_ERROR_INVALID_LENGTH;

    /* Set the key */
    (*(state->init_key))(state, key);
    state->has_key = 1;
    state->n = 0;
    return NOISE_ERROR_NONE;
}

int noise_cipherstate_has_key(const NoiseCipherState *state)
{
    return state ? state->has_key : 0;
}

int noise_cipherstate_encrypt_with_ad
    (NoiseCipherState *state, const uint8_t *ad, size_t ad_len,
     NoiseBuffer *buffer)
{
    int err;

    /* Validate the parameters */
    if (!state || (!ad && ad_len) || !buffer || !(buffer->data))
        return NOISE_ERROR_INVALID_PARAM;
    if (buffer->size > buffer->max_size)
        return NOISE_ERROR_INVALID_LENGTH;

    /* If the key hasn't been set yet, return the plaintext as-is */
    if (!state->has_key) {
        if (buffer->size > NOISE_MAX_PAYLOAD_LEN)
            return NOISE_ERROR_INVALID_LENGTH;
        return NOISE_ERROR_NONE;
    }

    /* Make sure that there is room for the MAC */
    if (buffer->size > (size_t)(NOISE_MAX_PAYLOAD_LEN - state->mac_len))
        return NOISE_ERROR_INVALID_LENGTH;
    if ((buffer->max_size - buffer->size) < state->mac_len)
        return NOISE_ERROR_INVALID_LENGTH;

    /* If the nonce has overflowed, then further encryption is impossible.
       The value 2^64 - 1 is reserved (Noise specification revision 30),
       so if the nonce has reached that value then overflow has occurred. */
    if (state->n == 0xFFFFFFFFFFFFFFFFULL)
        return NOISE_ERROR_INVALID_NONCE;

    /* Encrypt the plaintext and authenticate it */
    err = (*(state->encrypt))(state, ad, ad_len, buffer->data, buffer->size);
    ++(state->n);
    if (err != NOISE_ERROR_NONE)
        return err;

    /* Adjust the output length for the MAC and return */
    buffer->size += state->mac_len;
    return NOISE_ERROR_NONE;
}

int noise_cipherstate_decrypt_with_ad
    (NoiseCipherState *state, const uint8_t *ad, size_t ad_len,
     NoiseBuffer *buffer)
{
    int err;

    /* Validate the parameters */
    if (!state || (!ad && ad_len) || !buffer || !(buffer->data))
        return NOISE_ERROR_INVALID_PARAM;
    if (buffer->size > buffer->max_size || buffer->size > NOISE_MAX_PAYLOAD_LEN)
        return NOISE_ERROR_INVALID_LENGTH;

    /* If the key hasn't been set yet, return the ciphertext as-is */
    if (!state->has_key)
        return NOISE_ERROR_NONE;

    /* Make sure there are enough bytes for the MAC */
    if (buffer->size < state->mac_len)
        return NOISE_ERROR_INVALID_LENGTH;

    /* If the nonce has overflowed, then further decryption is impossible.
       The value 2^64 - 1 is reserved (Noise specification revision 30),
       so if the nonce has reached that value then overflow has occurred. */
    if (state->n == 0xFFFFFFFFFFFFFFFFULL)
        return NOISE_ERROR_INVALID_NONCE;

    /* Decrypt the ciphertext and check the MAC */
    err = (*(state->decrypt))
        (state, ad, ad_len, buffer->data, buffer->size - state->mac_len);
    ++(state->n);
    if (err != NOISE_ERROR_NONE)
        return err;

    /* Adjust the output length for the MAC and return */
    buffer->size -= state->mac_len;
    return NOISE_ERROR_NONE;
}

int noise_cipherstate_encrypt(NoiseCipherState *state, NoiseBuffer *buffer)
{
    return noise_cipherstate_encrypt_with_ad(state, NULL, 0, buffer);
}

int noise_cipherstate_decrypt(NoiseCipherState *state, NoiseBuffer *buffer)
{
    return noise_cipherstate_decrypt_with_ad(state, NULL, 0, buffer);
}

int noise_cipherstate_set_nonce(NoiseCipherState *state, uint64_t nonce)
{
    /* Bail out if the state is NULL */
    if (!state)
        return NOISE_ERROR_INVALID_PARAM;

    /* If the key hasn't been set yet, we cannot do this */
    if (!state->has_key)
        return NOISE_ERROR_INVALID_STATE;

    /* Reject the value if the nonce would go backwards */
    if (state->n > nonce)
        return NOISE_ERROR_INVALID_NONCE;

    /* Set the nonce and return */
    state->n = nonce;
    return NOISE_ERROR_NONE;
}

int noise_cipherstate_get_max_key_length(void)
{
    return NOISE_MAX_KEY_LEN;
}

int noise_cipherstate_get_max_mac_length(void)
{
    return NOISE_MAX_MAC_LEN;
}