Submodules updated. Initial FFI version implemented. #23
nemothenoone committed Apr 2, 2022
1 parent 2ea4bc1 commit 79a5e6d
Showing 27 changed files with 95 additions and 212 deletions.
2 changes: 1 addition & 1 deletion libs/algebra
2 changes: 1 addition & 1 deletion libs/block
Submodule block updated from 6ac2cd to 5778e0
2 changes: 1 addition & 1 deletion libs/blueprint
2 changes: 1 addition & 1 deletion libs/codec
Submodule codec updated from 221126 to ca54f1
15 changes: 8 additions & 7 deletions libs/ffi/CMakeLists.txt
Expand Up @@ -9,10 +9,7 @@ cm_find_package(CM)
include(CMDeploy)
include(CMSetupVersion)

cm_find_package(${CMAKE_WORKSPACE_NAME}_pbkdf)
cm_find_package(${CMAKE_WORKSPACE_NAME}_pubkey)
cm_find_package(${CMAKE_WORKSPACE_NAME}_codec)
cm_find_package(${CMAKE_WORKSPACE_NAME}_modes)

list(APPEND ${CURRENT_PROJECT_NAME}_PUBLIC_HEADERS
include/nil/crypto3/ffi/ffi.h
Expand Down Expand Up @@ -57,12 +54,16 @@ target_include_directories(${CMAKE_WORKSPACE_NAME}_${CURRENT_PROJECT_NAME} PRIVA
"$<BUILD_INTERFACE:${CMAKE_BINARY_DIR}/include>")

target_link_libraries(${CMAKE_WORKSPACE_NAME}_${CURRENT_PROJECT_NAME} PUBLIC
${CMAKE_WORKSPACE_NAME}::pbkdf
${CMAKE_WORKSPACE_NAME}::pubkey
${CMAKE_WORKSPACE_NAME}::algebra
${CMAKE_WORKSPACE_NAME}::block
${CMAKE_WORKSPACE_NAME}::codec
${CMAKE_WORKSPACE_NAME}::modes)
${CMAKE_WORKSPACE_NAME}::hash
${CMAKE_WORKSPACE_NAME}::multiprecision
${CMAKE_WORKSPACE_NAME}::pubkey)

cm_deploy(TARGETS ${CMAKE_WORKSPACE_NAME}_${CURRENT_PROJECT_NAME} INCLUDE include/public include/private NAMESPACE ${CMAKE_WORKSPACE_NAME}::)
cm_deploy(TARGETS ${CMAKE_WORKSPACE_NAME}_${CURRENT_PROJECT_NAME}
INCLUDE include
NAMESPACE ${CMAKE_WORKSPACE_NAME}::)

if(APPLE OR NOT ${CMAKE_TARGET_ARCHITECTURE} STREQUAL ${CMAKE_HOST_SYSTEM_PROCESSOR})
set_target_properties(${CMAKE_WORKSPACE_NAME}_${CURRENT_PROJECT_NAME} PROPERTIES
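Review bot: The link list in the second hunk appears to end up naming `${CMAKE_WORKSPACE_NAME}::algebra`, `::block`, `::codec`, `::hash`, `::multiprecision` and `::pubkey`, while the first hunk only removes `cm_find_package` calls and adds none. The rendering has lost the +/- markers, so which lookups survive is inferred from the hunk line counts. If this module is ever configured outside the workspace build, every linked `::` target without a lookup fails at generate time, so I would keep one `cm_find_package(${CMAKE_WORKSPACE_NAME}_<name>)` per linked library. Separately, `PUBLIC` hands all of these C++ libraries to consumers of a target whose public header is plain C; `PRIVATE` looks sufficient unless an installed header includes them. The `if(APPLE OR NOT ...)` block continues outside the hunk.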
133 changes: 0 additions & 133 deletions libs/ffi/include/nil/crypto3/ffi/ffi.h
Expand Up @@ -46,12 +46,8 @@ how to provide the cleanest API for such users would be most welcome.
* - Better error reporting
* - User callback for exception logging?
* - Doxygen comments for all functions/params
* - X.509 certs and pkix path validation goo
* - tls
*/

#include <nil/crypto3/build.hpp>

#include <stdint.h>
#include <stddef.h>

Expand Down Expand Up @@ -1041,136 +1037,7 @@ int nil_crypto_mceies_encrypt(nil_crypto_pubkey_t mce_key, nil_crypto_rng_t rng,
int nil_crypto_mceies_decrypt(nil_crypto_privkey_t mce_key, const char *aead, const uint8_t ct[], size_t ct_len,
const uint8_t ad[], size_t ad_len, uint8_t pt[], size_t *pt_len);

typedef struct nil_crypto_x509_cert_struct *nil_crypto_x509_cert_t;

int nil_crypto_x509_cert_load(nil_crypto_x509_cert_t *cert_obj, const uint8_t cert[], size_t cert_len);

int nil_crypto_x509_cert_load_file(nil_crypto_x509_cert_t *cert_obj, const char *filename);

int nil_crypto_x509_cert_destroy(nil_crypto_x509_cert_t cert);

int nil_crypto_x509_cert_gen_selfsigned(nil_crypto_x509_cert_t *cert, nil_crypto_privkey_t key, nil_crypto_rng_t rng,
const char *common_name, const char *org_name);

// TODO: return nil_crypto_time_struct instead

int nil_crypto_x509_cert_get_time_starts(nil_crypto_x509_cert_t cert, char out[], size_t *out_len);

int nil_crypto_x509_cert_get_time_expires(nil_crypto_x509_cert_t cert, char out[], size_t *out_len);

int nil_crypto_x509_cert_get_fingerprint(nil_crypto_x509_cert_t cert, const char *hash, uint8_t out[], size_t *out_len);

int nil_crypto_x509_cert_get_serial_number(nil_crypto_x509_cert_t cert, uint8_t out[], size_t *out_len);

int nil_crypto_x509_cert_get_authority_key_id(nil_crypto_x509_cert_t cert, uint8_t out[], size_t *out_len);

int nil_crypto_x509_cert_get_subject_key_id(nil_crypto_x509_cert_t cert, uint8_t out[], size_t *out_len);

int nil_crypto_x509_cert_get_public_key_bits(nil_crypto_x509_cert_t cert, uint8_t out[], size_t *out_len);

int nil_crypto_x509_cert_get_public_key(nil_crypto_x509_cert_t cert, nil_crypto_pubkey_t *key);

int nil_crypto_x509_cert_get_issuer_dn(nil_crypto_x509_cert_t cert, const char *key, size_t index, uint8_t out[],
size_t *out_len);

int nil_crypto_x509_cert_get_subject_dn(nil_crypto_x509_cert_t cert, const char *key, size_t index, uint8_t out[],
size_t *out_len);

int nil_crypto_x509_cert_to_string(nil_crypto_x509_cert_t cert, char out[], size_t *out_len);

// Must match values of key_constraints in key_constraints.h
enum nil_crypto_x509_cert_key_constraints {
NO_CONSTRAINTS = 0,
DIGITAL_SIGNATURE = 32768,
NON_REPUDIATION = 16384,
KEY_ENCIPHERMENT = 8192,
DATA_ENCIPHERMENT = 4096,
KEY_AGREEMENT = 2048,
KEY_CERT_SIGN = 1024,
CRL_SIGN = 512,
ENCIPHER_ONLY = 256,
DECIPHER_ONLY = 128
};

int nil_crypto_x509_cert_allowed_usage(nil_crypto_x509_cert_t cert, unsigned int key_usage);

/**
* Check if the certificate matches the specified hostname via alternative name or CN match.
* RFC 5280 wildcards also supported.
*/

int nil_crypto_x509_cert_hostname_match(nil_crypto_x509_cert_t cert, const char *hostname);

/**
* Key wrapping as per RFC 3394
*/

int nil_crypto_key_wrap3394(const uint8_t key[], size_t key_len, const uint8_t kek[], size_t kek_len,
uint8_t wrapped_key[], size_t *wrapped_key_len);

int nil_crypto_key_unwrap3394(const uint8_t wrapped_key[], size_t wrapped_key_len, const uint8_t kek[], size_t kek_len,
uint8_t key[], size_t *key_len);

/*
* tls (WIP)
*/
#if defined(CRYPTO3_HAS_TLS) && 0

typedef struct nil_crypto_tls_session_struct *nil_crypto_tls_session_t;

CRYPTO3_TEST_API int nil_crypto_tls_session_decrypt(nil_crypto_tls_session_t *session, const uint8_t key[],
size_t key_len, const uint8_t blob[], size_t blob_len);

CRYPTO3_TEST_API int nil_crypto_tls_session_get_version(nil_crypto_tls_session_t session, uint16_t *tls_version);
CRYPTO3_TEST_API int nil_crypto_tls_session_get_ciphersuite(nil_crypto_tls_session_t session, uint16_t *ciphersuite);
CRYPTO3_TEST_API int nil_crypto_tls_session_encrypt(nil_crypto_tls_session_t session, nil_crypto_rng_t random,
uint8_t key[], size_t *key_len);

CRYPTO3_TEST_API int nil_crypto_tls_session_get_peer_certs(nil_crypto_tls_session_t session,
nil_crypto_x509_cert_t certs[], size_t *cert_len);

// TODO: peer certs, validation, ...

typedef struct nil_crypto_tls_channel_struct *nil_crypto_tls_channel_t;

typedef void (*nil_crypto_tls_channel_output_fn)(void *application_data, const uint8_t *data, size_t data_len);

typedef void (*nil_crypto_tls_channel_data_cb)(void *application_data, const uint8_t *data, size_t data_len);

typedef void (*nil_crypto_tls_channel_alert_cb)(void *application_data, uint16_t alert_code);

typedef void (*nil_crypto_tls_channel_session_established)(void *application_data,
nil_crypto_tls_channel_t channel,
nil_crypto_tls_session_t session);

CRYPTO3_TEST_API int nil_crypto_tls_channel_init_client(nil_crypto_tls_channel_t *channel,
nil_crypto_tls_channel_output_fn output_fn,
nil_crypto_tls_channel_data_cb data_cb,
nil_crypto_tls_channel_alert_cb alert_cb,
nil_crypto_tls_channel_session_established session_cb,
const char *server_name);

CRYPTO3_TEST_API int nil_crypto_tls_channel_init_server(nil_crypto_tls_channel_t *channel,
nil_crypto_tls_channel_output_fn output_fn,
nil_crypto_tls_channel_data_cb data_cb,
nil_crypto_tls_channel_alert_cb alert_cb,
nil_crypto_tls_channel_session_established session_cb);

CRYPTO3_TEST_API int nil_crypto_tls_channel_received_data(nil_crypto_tls_channel_t chan, const uint8_t input[],
size_t len);

/**
* Returns 0 for client, 1 for server, negative for error
*/
CRYPTO3_TEST_API int nil_crypto_tls_channel_type(nil_crypto_tls_channel_t chan);

CRYPTO3_TEST_API int nil_crypto_tls_channel_send(nil_crypto_tls_channel_t chan, const uint8_t input[], size_t len);

CRYPTO3_TEST_API int nil_crypto_tls_channel_close(nil_crypto_tls_channel_t chan);

CRYPTO3_TEST_API int nil_crypto_tls_channel_destroy(nil_crypto_tls_channel_t chan);

#endif
#ifdef __cplusplus
}
#endif
14 changes: 7 additions & 7 deletions libs/ffi/include/nil/crypto3/ffi/ffi_util.h
Expand Up @@ -87,12 +87,12 @@ namespace nil {
return ffi_guard_thunk(func_name, [&]() { return func(*o->unsafe_get()); });
}

#define CRYPTO3_FFI_DO(T, obj, param, block) \
apply_fn(obj, CRYPTO3_CURRENT_FUNCTION, [=](T &param) -> int { \
do { \
block \
} while (0); \
return CRYPTO3_FFI_SUCCESS; \
#define CRYPTO3_FFI_DO(T, obj, param, block) \
apply_fn(obj, BOOST_CURRENT_FUNCTION, [=](T &param) -> int { \
do { \
block \
} while (0); \
return CRYPTO3_FFI_SUCCESS; \
})

template<typename T, uint32_t M>
Expand All @@ -115,7 +115,7 @@ namespace nil {
}
}

#define CRYPTO3_FFI_CHECKED_DELETE(o) ffi_delete_object(o, CRYPTO3_CURRENT_FUNCTION)
#define CRYPTO3_FFI_CHECKED_DELETE(o) ffi_delete_object(o, BOOST_CURRENT_FUNCTION)

inline int write_output(uint8_t out[], size_t *out_len, const uint8_t buf[], size_t buf_len);
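Review bot: `CRYPTO3_FFI_DO` and `CRYPTO3_FFI_CHECKED_DELETE` now expand to `BOOST_CURRENT_FUNCTION`, but as far as the visible hunks show, the header that defines it is added to each source file (ffi.cpp, ffi_block.cpp, ffi_cipher.cpp, ffi_hash.cpp, ffi_kdf.cpp) rather than to ffi_util.h itself. Any translation unit that includes ffi_util.h and uses either macro without that extra include will fail to compile. Adding `#include <boost/current_function.hpp>` at the top of ffi_util.h would make the header self-contained and let the per-file includes go. The include block of this header is outside the hunks, so this is worth confirming before changing.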

10 changes: 5 additions & 5 deletions libs/ffi/src/ffi.cpp
@@ -1,7 +1,7 @@
#include <nil/crypto3/ffi/ffi.h>
#include <nil/crypto3/ffi/ffi_util.h>

#include <iostream>
#include <boost/current_function.hpp>

#include <nil/crypto3/block/detail/utilities/memory_operations.hpp>

Expand Down Expand Up @@ -95,7 +95,7 @@ const char *nil_crypto_error_description(int err) {
}

int nil_crypto_hex_encode(const uint8_t *in, size_t len, char *out, uint32_t flags) {
return ffi_guard_thunk(CRYPTO3_CURRENT_FUNCTION, [=]() -> int {
return ffi_guard_thunk(BOOST_CURRENT_FUNCTION, [=]() -> int {
const bool uppercase = (flags & CRYPTO3_FFI_HEX_LOWER_CASE) == 0;
if (uppercase) {
encode<codec::hex<codec::mode::upper>>(in, in + len, out);
Expand All @@ -107,21 +107,21 @@ int nil_crypto_hex_encode(const uint8_t *in, size_t len, char *out, uint32_t fla
}

int nil_crypto_hex_decode(const char *hex_str, size_t in_len, uint8_t *out, size_t *out_len) {
return ffi_guard_thunk(CRYPTO3_CURRENT_FUNCTION, [=]() -> int {
return ffi_guard_thunk(BOOST_CURRENT_FUNCTION, [=]() -> int {
const std::vector<uint8_t> bin = decode<codec::hex<>>(hex_str, hex_str + in_len);
return ffi::write_vec_output(out, out_len, bin);
});
}

int nil_crypto_base64_encode(const uint8_t *in, size_t len, char *out, size_t *out_len) {
return ffi_guard_thunk(CRYPTO3_CURRENT_FUNCTION, [=]() -> int {
return ffi_guard_thunk(BOOST_CURRENT_FUNCTION, [=]() -> int {
const std::string base64 = encode<codec::base<64>>(in, in + len);
return ffi::write_str_output(out, out_len, base64);
});
}

int nil_crypto_base64_decode(const char *base64_str, size_t in_len, uint8_t *out, size_t *out_len) {
return ffi_guard_thunk(CRYPTO3_CURRENT_FUNCTION, [=]() -> int {
return ffi_guard_thunk(BOOST_CURRENT_FUNCTION, [=]() -> int {
// if (*out_len < nil::crypto3::base64_decode_max_output(in_len)) {
// *out_len = nil::crypto3::base64_decode_max_output(in_len);
// return CRYPTO3_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE;
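Review bot: `nil_crypto_hex_encode` passes `out` straight to `encode<...>(in, in + len, out)` with no output length and no NULL check on `in` or `out`, unlike `nil_crypto_block_cipher_init` in ffi_block.cpp, which returns `CRYPTO3_FFI_ERROR_NULL_POINTER`. I would add `if (in == NULL || out == NULL) return CRYPTO3_FFI_ERROR_NULL_POINTER;` as the first statement of the lambda and document on the declaration how many bytes `out` must hold, since the signature cannot enforce it. `nil_crypto_bcrypt_is_valid` in ffi_kdf.cpp hands `pass` and `hash` to `check_bcrypt` with the same missing check. In `nil_crypto_base64_decode` the size pre-check is still commented out and the body continues outside the hunk, so confirm that the remaining code bounds the write to `*out_len`.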
4 changes: 3 additions & 1 deletion libs/ffi/src/ffi_block.cpp
@@ -1,14 +1,16 @@
#include <nil/crypto3/ffi/ffi.h>
#include <nil/crypto3/ffi/ffi_util.h>

#include <boost/current_function.hpp>

extern "C" {

using namespace nil::crypto3::ffi;

// CRYPTO3_FFI_DECLARE_STRUCT(nil_crypto_block_cipher_struct, nil::crypto3::BlockCipher, 0x64C29716);

int nil_crypto_block_cipher_init(nil_crypto_block_cipher_t *bc, const char *bc_name) {
return ffi_guard_thunk(CRYPTO3_CURRENT_FUNCTION, [=]() -> int {
return ffi_guard_thunk(BOOST_CURRENT_FUNCTION, [=]() -> int {
if (bc == NULL || bc_name == NULL || *bc_name == 0) {
return CRYPTO3_FFI_ERROR_NULL_POINTER;
}
8 changes: 5 additions & 3 deletions libs/ffi/src/ffi_cipher.cpp
@@ -1,6 +1,8 @@
#include <nil/crypto3/ffi/ffi.h>
#include <nil/crypto3/ffi/ffi_util.h>

#include <boost/current_function.hpp>

extern "C" {

using namespace nil::crypto3::ffi;
Expand All @@ -13,7 +15,7 @@ using namespace nil::crypto3::ffi;
//};

int nil_crypto_cipher_init(nil_crypto_cipher_t *cipher, const char *cipher_name, uint32_t flags) {
return ffi_guard_thunk(CRYPTO3_CURRENT_FUNCTION, [=]() -> int {
return ffi_guard_thunk(BOOST_CURRENT_FUNCTION, [=]() -> int {
const bool encrypt_p = ((flags & CRYPTO3_CIPHER_INIT_FLAG_MASK_DIRECTION) == CRYPTO3_CIPHER_INIT_FLAG_ENCRYPT);
// const nil::crypto3::Cipher_Dir dir = encrypt_p ? nil::crypto3::ENCRYPTION : nil::crypto3::DECRYPTION;
// std::unique_ptr<nil::crypto3::cipher_mode> mode(nil::crypto3::cipher_mode::create(cipher_name, dir));
Expand Down Expand Up @@ -46,7 +48,7 @@ int nil_crypto_cipher_set_key(nil_crypto_cipher_t cipher, const uint8_t *key, si
}

int nil_crypto_cipher_start(nil_crypto_cipher_t cipher_obj, const uint8_t *nonce, size_t nonce_len) {
return ffi_guard_thunk(CRYPTO3_CURRENT_FUNCTION, [=]() -> int {
return ffi_guard_thunk(BOOST_CURRENT_FUNCTION, [=]() -> int {
// nil::crypto3::cipher_mode &cipher = safe_get(cipher_obj);
// cipher.start(nonce, nonce_len);
// cipher_obj->m_buf.reserve(cipher.update_granularity());
Expand All @@ -57,7 +59,7 @@ int nil_crypto_cipher_start(nil_crypto_cipher_t cipher_obj, const uint8_t *nonce
int nil_crypto_cipher_update(nil_crypto_cipher_t cipher_obj, uint32_t flags, uint8_t output_ptr[],
size_t orig_output_size, size_t *output_written, const uint8_t input_ptr[],
size_t orig_input_size, size_t *input_consumed) {
return ffi_guard_thunk(CRYPTO3_CURRENT_FUNCTION, [=]() -> int {
return ffi_guard_thunk(BOOST_CURRENT_FUNCTION, [=]() -> int {
size_t input_size = orig_input_size;
size_t output_size = orig_output_size;
const uint8_t *input = input_ptr;
4 changes: 3 additions & 1 deletion libs/ffi/src/ffi_hash.cpp
@@ -1,6 +1,8 @@
#include <nil/crypto3/ffi/ffi.h>
#include <nil/crypto3/ffi/ffi_util.h>

#include <boost/current_function.hpp>

#include <nil/crypto3/hash/hash_state.hpp>

extern "C" {
Expand All @@ -10,7 +12,7 @@ using namespace nil::crypto3::ffi;
// CRYPTO3_FFI_DECLARE_STRUCT(nil_crypto_hash_struct, nil::crypto3::accumulator_set, 0x1F0A4F84);

int nil_crypto_hash_init(nil_crypto_hash_t *hash, const char *hash_name, uint32_t flags) {
return ffi_guard_thunk(CRYPTO3_CURRENT_FUNCTION, [=]() -> int {
return ffi_guard_thunk(BOOST_CURRENT_FUNCTION, [=]() -> int {
if (hash == NULL || hash_name == NULL || *hash_name == 0) {
return CRYPTO3_FFI_ERROR_NULL_POINTER;
}
12 changes: 7 additions & 5 deletions libs/ffi/src/ffi_kdf.cpp
Expand Up @@ -2,6 +2,8 @@
#include <nil/crypto3/ffi/ffi_util.h>
#include <nil/crypto3/ffi/ffi_rng.h>

#include <boost/current_function.hpp>

#if defined(CRYPTO3_HAS_BCRYPT)
#include <nil/crypto3/passhash/bcrypt/bcrypt.hpp>
#endif
Expand All @@ -12,7 +14,7 @@ using namespace nil::crypto3::ffi;

int nil_crypto_pbkdf(const char *pbkdf_algo, uint8_t out[], size_t out_len, const char *pass, const uint8_t salt[],
size_t salt_len, size_t iterations) {
return ffi_guard_thunk(CRYPTO3_CURRENT_FUNCTION, [=]() -> int {
return ffi_guard_thunk(BOOST_CURRENT_FUNCTION, [=]() -> int {
// std::unique_ptr<nil::crypto3::PBKDF> pbkdf(nil::crypto3::get_pbkdf(pbkdf_algo));
// pbkdf->pbkdf_iterations(out, out_len, pass, salt, salt_len, iterations);
return CRYPTO3_FFI_SUCCESS;
Expand All @@ -21,7 +23,7 @@ int nil_crypto_pbkdf(const char *pbkdf_algo, uint8_t out[], size_t out_len, cons

int nil_crypto_pbkdf_timed(const char *pbkdf_algo, uint8_t out[], size_t out_len, const char *password,
const uint8_t salt[], size_t salt_len, size_t ms_to_run, size_t *iterations_used) {
return ffi_guard_thunk(CRYPTO3_CURRENT_FUNCTION, [=]() -> int {
return ffi_guard_thunk(BOOST_CURRENT_FUNCTION, [=]() -> int {
// std::unique_ptr<nil::crypto3::PBKDF> pbkdf(nil::crypto3::get_pbkdf(pbkdf_algo));
// pbkdf->pbkdf_timed(out, out_len, password, salt, salt_len, std::chrono::milliseconds(ms_to_run),
// *iterations_used);
Expand All @@ -31,7 +33,7 @@ int nil_crypto_pbkdf_timed(const char *pbkdf_algo, uint8_t out[], size_t out_len

int nil_crypto_kdf(const char *kdf_algo, uint8_t out[], size_t out_len, const uint8_t secret[], size_t secret_len,
const uint8_t salt[], size_t salt_len, const uint8_t label[], size_t label_len) {
return ffi_guard_thunk(CRYPTO3_CURRENT_FUNCTION, [=]() -> int {
return ffi_guard_thunk(BOOST_CURRENT_FUNCTION, [=]() -> int {
// std::unique_ptr<nil::crypto3::KDF> kdf(nil::crypto3::get_kdf(kdf_algo));
// kdf->kdf(out, out_len, secret, secret_len, salt, salt_len, label, label_len);
return CRYPTO3_FFI_SUCCESS;
Expand All @@ -41,7 +43,7 @@ int nil_crypto_kdf(const char *kdf_algo, uint8_t out[], size_t out_len, const ui
int nil_crypto_bcrypt_generate(uint8_t *out, size_t *out_len, const char *pass, nil_crypto_rng_t rng_obj, size_t wf,
uint32_t flags) {
#if defined(CRYPTO3_HAS_BCRYPT)
return ffi_guard_thunk(CRYPTO3_CURRENT_FUNCTION, [=]() -> int {
return ffi_guard_thunk(BOOST_CURRENT_FUNCTION, [=]() -> int {
if (out == NULL || out_len == NULL || pass == NULL)
return CRYPTO3_FFI_ERROR_NULL_POINTER;

Expand All @@ -62,7 +64,7 @@ int nil_crypto_bcrypt_generate(uint8_t *out, size_t *out_len, const char *pass,

int nil_crypto_bcrypt_is_valid(const char *pass, const char *hash) {
#if defined(CRYPTO3_HAS_BCRYPT)
return ffi_guard_thunk(CRYPTO3_CURRENT_FUNCTION, [=]() -> int {
return ffi_guard_thunk(BOOST_CURRENT_FUNCTION, [=]() -> int {
return nil::crypto3::check_bcrypt(pass, hash) ? CRYPTO3_FFI_SUCCESS : CRYPTO3_FFI_INVALID_VERIFIER;
});
#else
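Review bot: `nil_crypto_pbkdf` and `nil_crypto_kdf` return `CRYPTO3_FFI_SUCCESS` while the only lines that would fill `out` are commented out, so a caller receives a success code and an untouched buffer that it will then use as key material. Until the derivation is wired in, these stubs should return the not-implemented error code from ffi.h (not visible on this page) and carry a comment such as `// TODO: not implemented yet; must not report success`. `nil_crypto_pbkdf_timed` has the same commented-out body and also leaves `*iterations_used` unset, though its return lies outside the hunk. ffi_cipher.cpp shows the same pattern in `nil_crypto_cipher_start`, where the nonce is never applied; its return is outside the hunk too.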